[Snort-users] Help with output alert_syslog
joey at ...47...
Fri Apr 27 13:37:23 EDT 2001
Sean Redmond wrote:
> I'm confused about configuring output plugins. In my snort.conf I have the line
> output alert_syslog: snort.alert
Do you mean alert_full here?
> which works fine, but I can't get the syslog output working. If I have in
> output alert_syslog: LOG_LOCAL5 LOG_ALERT
> and in /etc/syslog.conf:
> local5.* /var/log/snort
> Shouldn't that work? Traffic gets logged in snort.alert (in the directory I
> specified with the -l switch on the command line) but not in /var/log/snort
> (This is snort 1.7, on RedHat 6.1).
-l will override what you have in your configuration file. Remove that
and use a configuration like this:

    output alert_full: snort.alert
    output alert_syslog: LOG_LOCAL5 LOG_ALERT

Does that work for you?
| Joe McAlerney joey at ...155... |
| Silicon Defense - Technical Support for Snort |
| http://www.silicondefense.com/ |
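
Added example, not part of the original post: a small check that reads the facility and priority from an `output alert_syslog:` line and lists which syslog.conf rules would select that message. The function names and sample inputs are constructed for illustration, and selector handling is simplified: `=`, `!` and alias names such as `warn` are not supported.

```python
import re

# Standard syslog levels, lowest to highest severity.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
FACILITIES = ["auth", "authpriv", "daemon", "user"] + ["local%d" % i for i in range(8)]

def snort_syslog_target(snort_conf):
    """Return (facility, priority) named on an 'output alert_syslog:' line, else None."""
    for line in snort_conf.splitlines():
        m = re.match(r"\s*output\s+alert_syslog:\s*(.*)", line)
        if not m:
            continue
        opts = [o[4:].lower() for o in m.group(1).split() if o.startswith("LOG_")]
        fac = [o for o in opts if o in FACILITIES]
        pri = [o for o in opts if o in LEVELS]
        if fac and pri:
            return fac[0], pri[0]
    return None

def matching_actions(syslog_conf, facility, priority):
    """Return the actions of syslog.conf rules that select facility.priority."""
    actions = []
    for line in syslog_conf.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        selectors, action = parts
        hit = False
        for sel in selectors.split(";"):
            facs, _, pri = sel.partition(".")
            names = facs.split(",")
            if "*" not in names and facility not in names:
                continue
            if pri == "none":
                hit = False          # a later 'none' excludes the facility
            elif pri == "*" or (pri in LEVELS and
                                LEVELS.index(priority) >= LEVELS.index(pri)):
                hit = True           # 'facility.level' means that level and above
        if hit:
            actions.append(action.strip())
    return actions

# Constructed sample input mirroring the configuration discussed in the thread.
SNORT_CONF = "output alert_full: snort.alert\noutput alert_syslog: LOG_LOCAL5 LOG_ALERT\n"
SYSLOG_CONF = ("# constructed sample\n"
               "*.info;mail.none;local5.none\t/var/log/messages\n"
               "local5.*\t/var/log/snort\n")

if __name__ == "__main__":
    print(matching_actions(SYSLOG_CONF, *snort_syslog_target(SNORT_CONF)))
```

An empty list means no syslog.conf rule selects the facility and priority Snort is configured to use.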