[Snort-users] Help with output alert_syslog

Sean Redmond sean.redmond at ...1928...
Fri Apr 27 12:52:49 EDT 2001


I'm confused about configuring output plugins. In my snort.conf I have the line

     output alert_syslog: snort.alert

which works fine, but I can't get the syslog output working. If I have in 
snort.conf:

     output alert_syslog: LOG_LOCAL5 LOG_ALERT

and in /etc/syslog.conf:

     local5.*    /var/log/snort

Shouldn't that work? Traffic gets logged in snort.alert (in the directory I 
specified with the -l switch on the command line) but not in /var/log/snort 
(this is snort 1.7, on RedHat 6.1).

Thanks,
Sean Redmond




