[Snort-users] Snort logging to syslog

Erek Adams erek at ...577...
Wed Apr 11 10:04:03 EDT 2001


On Wed, 11 Apr 2001, Christopher Meiklejohn wrote:

> I am running solaris 2.6 and snort 1.7.  In the snort.conf file.. when I tell it to log to syslog..
>
> ex.( output alert_syslog: LOG_LOCAL6 LOG_ALERT)
>
> It still logs to /var/log/messages?
>
> Is there something I am missing here?

Yes.  /etc/syslog.conf  :)

You need to have a line that reads something like:

local6.info					/var/log/snort.log

Then "touch /var/log/snort.log" and kill -HUP on syslog and you should be
ready to go!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
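
The routing described in the reply above, as an added example that is not part of the original post: it models classic syslog.conf selector matching ("facility.level" accepts that level and anything more severe) to show which files a Snort alert sent as local6.alert would reach. The sample config, the function names and the tab-separator requirement (true of a traditional syslogd such as Solaris's) are assumptions.

```python
# Added example: model classic syslog.conf selector matching, where
# "facility.level" accepts that level and anything more severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample config, not taken from the poster's system.
SAMPLE_CONF = (
    "*.err;kern.debug;daemon.notice\t/var/log/messages\n"
    "local6.info\t\t\t/var/log/snort.log\n"
    "local6.debug /var/log/spaces.log\n"   # spaces instead of tabs
)

def selector_matches(selector, facility, level):
    """True if a ';'-separated selector list accepts facility.level."""
    accepted = False
    for part in selector.split(";"):
        facs, _, lvl = part.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if lvl == "none":
            accepted = False            # a later 'none' excludes the facility
        elif lvl in LEVELS:
            # Lower index means more severe; the last matching part wins.
            accepted = LEVELS.index(level) <= LEVELS.index(lvl)
    return accepted

def routes(conf, facility, level):
    """Return (destinations, warnings) for one message priority."""
    dests, warnings = [], []
    for n, line in enumerate(conf.splitlines(), 1):
        line = line.rstrip()
        if not line or line.startswith("#"):
            continue
        if "\t" not in line:
            # Assumption: a traditional syslogd that requires tab separators;
            # such a line is not parsed as selector plus action.
            warnings.append(f"line {n}: no tab between selector and action")
            continue
        selector, action = line.split("\t", 1)
        if selector_matches(selector.strip(), facility, level):
            dests.append(action.strip())
    return dests, warnings

if __name__ == "__main__":
    print(routes(SAMPLE_CONF, "local6", "alert"))
```

With this constructed config the alert reaches both files, because the `*.err` catch-all also matches local6.alert; the space-separated third line is reported instead of being used.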




