[Snort-users] Log level

Martin Roesch roesch at ...421...
Mon Oct 2 14:30:29 EDT 2000


1) Modify the *-lib files to get rid of alerts you aren't interested in.  The
library files that ship with Snort are merely an example, not a required rule
set!

2) You can modify the syslog facility by setting it in the rules file with the
'output syslog:' directive.  See the "Writing Snort Rules" page for more info.

    -Marty

Mark Drummond wrote:
> 
> Is there some way to change the SYSLOG log level/facility from the snort
> command line? getting ICMP Dest Unreachables on auth.alert is a bit
> ridiculous, and a pain in the ass since most machines send auth.alert
> (which should be a _significant_ event) to the console.
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org



More information about the Snort-users mailing list