[Snort-users] -s option vs alert_syslog in config

dave w capella dave.capella at ...1712...
Thu Apr 5 12:14:20 EDT 2001


Hi all,

After noticing that I was showing nothing but port scans in my
logs, I uncommented this line in snort.conf:

output alert_syslog: LOG_AUTH LOG_ALERT

When I relaunched snort, it mentioned a conflict w/the command line.
This is the command in the boot script:

daemon /usr/sbin/snort -u snort -g snort -s -d -D \
	-i $INTERFACE -l /var/log/snort -c /etc/snort/snort.conf

Since the only likely candidate was the '-s' option, I deleted it and
relaunched. Sure enough, now I was getting all sorts of alerts.

These two things look like they should do the same thing (to me).

What am I missing?
...dave
-- 
dave w capella            |  http://capella.ithaca.ny.us/
Systems Administrator     |  mailto:dave.capella at ...1712...  
Department of Biometrics  |  http://www.biom.cornell.edu/
Cornell University        |  (607) 255-9847
PGP Key                   |  http://capella.ithaca.ny.us/pgpkey.txt
        It's kind of fun to do the impossible. - Disney




