[Snort-users] syslog *and* file output?

Martin Roesch roesch at ...421...
Thu Jan 4 00:21:34 EST 2001


You can set it all up in the config file.  For example:

output alert_full: snort.alert
output syslog: LOG_AUTH LOG_ALERT

and if you want to log to a binary file:

output log_tcpdump: snort.log

You don't need to specify any output at the command line if you put both
a logging and an alerting plugin in the config file.  Note that you can
also specify multiple alerting or logging plugins (i.e. stack them)
without any ill effects.  It's definitely not necessary to run two
processes.

   -Marty


Stanislav Malyshev wrote:
> 
> This is probably a FAQ, but I didn't find a definitive statement anywhere in
> the Snort docs. So: Is it possible to make Snort put alerts both in syslog
> (like -s and the syslog output plugin do) and into snort.alert like it does
> by default? Whatever I try, it does only one of the two things, and I want both
> of them. Is there a way?
> 
> --
> Stanislav Malyshev, Zend Products Engineer
> stas at ...1032...  http://www.zend.com/ +972-3-6139665 ext.115

--
Martin Roesch
roesch at ...421...
http://www.snort.org