[Snort-users] -s option vs alert_syslog in config

Martin Roesch roesch at ...421...
Fri Apr 6 23:35:52 EDT 2001


They do the same thing, but the facility and level of the -s syslog
alerts are hard-coded into the system; the ones in the file are user
adjustable.

    -Marty

dave w capella wrote:
> 
> Hi all,
> 
> After noticing that I was showing nothing but port scans in my
> logs, I uncommented this line in snort.conf:
> 
> output alert_syslog: LOG_AUTH LOG_ALERT
> 
> When I relaunched snort, it mentioned a conflict w/the command line.
> This is the command in the boot script:
> 
> daemon /usr/sbin/snort -u snort -g snort -s -d -D \
>         -i $INTERFACE -l /var/log/snort -c /etc/snort/snort.conf
> 
> Since the only likely candidate was the '-s' option, I deleted it and
> relaunched. Sure enough, now I was getting all sorts of alerts.
> 
> These two things look like they should do the same thing (to me).
> 
> What am I missing?
> ...dave
> --
> dave w capella            |  http://capella.ithaca.ny.us/
> Systems Administrator     |  mailto:dave.capella at ...1712...
> Department of Biometrics  |  http://www.biom.cornell.edu/
> Cornell University        |  (607) 255-9847
> PGP Key                   |  http://capella.ithaca.ny.us/pgpkey.txt
>         It's kind of fun to do the impossible.- Disney
> 
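The overlap discussed in this thread can be caught before Snort is restarted. The script below is an added example, not part of the original messages or of Snort itself; the function names are hypothetical, and the PRI number it prints is the standard syslog encoding (facility * 8 + level) of the names given to alert_syslog.

```shell
#!/bin/sh
# Added example: lint a Snort launch command and snort.conf for the
# "-s plus alert_syslog" overlap described in this thread.

# True if the command line carries a standalone -s token.
# Assumption: flags are written separately, as in the boot script above.
has_s_flag() {
    for word in $1; do
        [ "$word" = "-s" ] && return 0
    done
    return 1
}

# Print the arguments of each active (uncommented) alert_syslog line.
syslog_outputs() {
    sed -n 's/^[[:space:]]*output[[:space:]][[:space:]]*alert_syslog:[[:space:]]*//p' "$1"
}

# Map syslog names to numbers and print PRI = facility * 8 + level.
syslog_pri() {
    fac=""; lvl=""
    for name in "$@"; do
        case $name in
            LOG_USER) fac=1 ;;  LOG_DAEMON) fac=3 ;;
            LOG_AUTH) fac=4 ;;  LOG_AUTHPRIV) fac=10 ;;
            LOG_LOCAL[0-7]) fac=$((16 + ${name#LOG_LOCAL})) ;;
            LOG_EMERG) lvl=0 ;; LOG_ALERT) lvl=1 ;; LOG_CRIT) lvl=2 ;;
            LOG_ERR) lvl=3 ;;   LOG_WARNING) lvl=4 ;; LOG_NOTICE) lvl=5 ;;
            LOG_INFO) lvl=6 ;;  LOG_DEBUG) lvl=7 ;;
        esac
    done
    [ -n "$fac" ] && [ -n "$lvl" ] || return 1
    echo $((fac * 8 + lvl))
}

# Report status: 0 = one syslog source, 1 = both set, 2 = neither.
check_snort_syslog() {
    outputs=$(syslog_outputs "$2")
    if has_s_flag "$1" && [ -n "$outputs" ]; then
        echo "conflict: -s and 'output alert_syslog: $outputs' both set"
        return 1
    elif has_s_flag "$1"; then
        echo "syslog via -s (facility and level fixed by snort)"
    elif [ -n "$outputs" ]; then
        echo "syslog via snort.conf: $outputs (PRI $(syslog_pri $outputs))"
    else
        echo "no syslog alerting configured"; return 2
    fi
}
```

Call it as `check_snort_syslog "<launch command from the boot script>" /etc/snort/snort.conf`; a return status of 1 means one of the two syslog settings should be dropped.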
