[Snort-users] Syslog and SNORT

Fyodor fygrave at ...121...
Wed Apr 4 13:44:10 EDT 2001


On Tue, Apr 03, 2001 at 05:19:24PM -0400, Tom Sevy wrote:
> I would like to log *everything* from snort, but I don't want it
> broadcasting to users or the console.  I keep a single system running that
> catches syslogs from all systems on my network, and then, based on filtering
> & criteria, I send out pager notifications.
> 
> This may be more of an OS question (I am on FreeBSD 4.2-RELEASE).  But how
> could I accomplish this?  
> 

Probably has more to do with your syslog configuration, although you could tune syslog facility/loglevel too (have a look into snort.conf, look for syslog spo comments).
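The two settings discussed in this reply, shown together as an added example that is not part of the original message. The facility `LOG_LOCAL5`, the hostname `loghost` and the pre-existing selectors on the console and root lines are assumptions; adapt them to the actual files.

```conf
# ---- snort.conf (on the sensor) ----
# Syslog output plugin: facility first, then priority.
# LOG_LOCAL5 is an assumed choice: a facility no other daemon on the
# host uses, so syslogd can route Snort's messages on their own.
# Keeping the priority below "emerg" means a "*.emerg  *" rule
# (write to every logged-in user) never matches Snort alerts.
output alert_syslog: LOG_LOCAL5 LOG_ALERT

# ---- /etc/syslog.conf (on the sensor) ----
# Weak: with facility LOG_AUTH, a console rule like this one matches
# every alert (alert is more severe than notice), so alerts are
# printed on /dev/console.
#   *.err;kern.debug;auth.notice;mail.crit             /dev/console
#
# Corrected: append local5.none to each wildcard rule whose action
# is the console or a user terminal. The selectors before
# local5.none are assumed typical lines, not taken from the thread.
*.err;kern.debug;auth.notice;mail.crit;local5.none     /dev/console
*.err;local5.none                                      root
*.alert;local5.none                                    root

# Forward everything Snort logs to the central collector.
# "loghost" is a placeholder hostname.
local5.*                                               @loghost
```

After editing, signal syslogd to re-read its configuration (for example by sending it SIGHUP) and restart Snort so the new facility takes effect.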