[Snort-users] -s option vs alert_syslog in config
roesch at ...421...
Fri Apr 6 23:35:52 EDT 2001

They do the same thing, but the facility and level of the -s syslog
alerts are hard coded into the system, the ones in the file are user

dave w capella wrote:
> Hi all,
> After noticing that I was showing nothing but port scans in my
> logs, I uncommented this line in snort.conf:
> output alert_syslog: LOG_AUTH LOG_ALERT
> When I relaunched snort, it mentioned a conflict w/the command line.
> This is the command in the boot script:
> daemon /usr/sbin/snort -u snort -g snort -s -d -D \
> -i $INTERFACE -l /var/log/snort -c /etc/snort/snort.conf
> Since the only likely candidate was the '-s' option, I deleted it and
> relaunched. Sure enough, now I was getting all sorts of alerts.
> These two things look like they should do the same thing (to me).
> What am I missing?
> dave w capella | http://capella.ithaca.ny.us/
> Systems Administrator | mailto:dave.capella at ...1712...
> Department of Biometrics | http://www.biom.cornell.edu/
> Cornell University | (607) 255-9847
> PGP Key | http://capella.ithaca.ny.us/pgpkey.txt
> It's kind of fun to do the impossible.- Disney
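
A pre-start check for the situation in this thread, where the boot script passes `-s` while snort.conf also has an active `output alert_syslog` line. This is an added example, not part of the original messages; the function names are hypothetical, and the list of argument-taking options is an assumption that covers only the options in the quoted boot script.

```shell
#!/bin/sh
# Added example: report when a Snort start command passes -s and the
# config file also has an uncommented "output alert_syslog" line.

# Options that consume an argument. Assumption: only the ones used in the
# quoted boot script are listed; extend this for your Snort version.
ARG_OPTS="ugilc"

# has_s_flag "<command line>" -> returns 0 if -s is given as an option,
# alone or inside a getopt-style cluster such as -dsD.
has_s_flag() {
    skip=0
    for tok in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$tok" in
            --*|-) continue ;;   # long option or bare dash
            -*) ;;               # short option cluster, inspect below
            *) continue ;;       # program name, stray argument, "\"
        esac
        rest=${tok#-}
        while [ -n "$rest" ]; do
            c=${rest%"${rest#?}"}        # first character of the cluster
            rest=${rest#?}
            if [ "$c" = "s" ]; then return 0; fi
            case "$ARG_OPTS" in
                *"$c"*)
                    # Rest of this token, or the next token, is the
                    # option's argument (e.g. "-u snort" or "-usnort").
                    [ -z "$rest" ] && skip=1
                    rest="" ;;
            esac
        done
    done
    return 1
}

# conf_has_syslog <file> -> returns 0 if alert_syslog output is active.
conf_has_syslog() {
    grep -Eq '^[[:space:]]*output[[:space:]]+alert_syslog' "$1"
}

# check_conflict "<command line>" <conf file> -> returns 0 on conflict.
check_conflict() {
    if has_s_flag "$1" && conf_has_syslog "$2"; then
        echo "conflict: -s on the command line and alert_syslog in $2"
        return 0
    fi
    return 1
}
```

Option arguments such as the user name in `-u snort` are skipped, so only a real `-s` flag is reported.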