[Snort-users] -s option vs alert_syslog in config
dave w capella
dave.capella at ...1712...
Thu Apr 5 12:14:20 EDT 2001
After noticing that I was showing nothing but port scans in my
logs, I uncommented this line in snort.conf:

    output alert_syslog: LOG_AUTH LOG_ALERT

When I relaunched snort, it mentioned a conflict w/the command line.
This is the command in the boot script:

    daemon /usr/sbin/snort -u snort -g snort -s -d -D \
        -i $INTERFACE -l /var/log/snort -c /etc/snort/snort.conf

Since the only likely candidate was the '-s' option, I deleted it and
relaunched. Sure enough, now I was getting all sorts of alerts.

These two things look like they should do the same thing (to me).
What am I missing?

dave w capella | http://capella.ithaca.ny.us/
Systems Administrator | mailto:dave.capella at ...1712...
Department of Biometrics | http://www.biom.cornell.edu/
Cornell University | (607) 255-9847
PGP Key | http://capella.ithaca.ny.us/pgpkey.txt
It's kind of fun to do the impossible. - Disney