[Snort-users] Alert Logging to database and syslog

Ben Lovett blovett at ...682...
Sat Jan 6 22:04:56 EST 2001


Ron Rosson (insane at ...322...) wrote:
> preprocessor http_decode: 80 443 8080
> preprocessor minfrag: 128
> preprocessor portscan: $INTERNAL 3 5 /var/log/snort/portscan
> preprocessor portscan-ignorehosts: $INTERNAL xxx.xxx.xxx.10 xxx.xxx.xxx.20
> output database: log, mysql, dbname=snort user=mysnort host=myhost
> 
> include: /etc/snort/vision.conf

Hey Ron,

Add the following to your ruleset, and you should be good to go:
output alert_syslog: LOG_AUTH LOG_ALERT

HTH
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Ben Lovett					printf("Hello world!);
don4r						return 0;
don4r at ...682...
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                      Loose bits sink chips.
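
An added example, not part of the original thread and not Snort project code: a small check that reads a snort.conf, lists its active output directives, and confirms that events reach both the database and syslog. The sample configs are constructed from the lines quoted above; the function names and the set of syslog keywords accepted by this Snort release are assumptions.

```python
import re

# Keyword sets are standard syslog(3) names; which of them a given Snort
# release accepts for alert_syslog is an assumption of this example.
FACILITIES = {"LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER"} | {
    f"LOG_LOCAL{i}" for i in range(8)}
PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
              "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}
OPTIONS = {"LOG_CONS", "LOG_NDELAY", "LOG_PERROR", "LOG_PID"}
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*(.*)$")

def parse_outputs(conf_text):
    """Return (plugin, args) for each active 'output' line; '#' comments dropped."""
    found = []
    for line in conf_text.splitlines():
        m = OUTPUT_RE.match(line.split("#", 1)[0])
        if m:
            found.append((m.group(1), m.group(2).strip()))
    return found

def audit_outputs(conf_text):
    """Report which sinks are active and flag unrecognised alert_syslog keywords."""
    report = {"database": False, "syslog": False,
              "facility": None, "priority": None, "problems": []}
    for plugin, args in parse_outputs(conf_text):
        if plugin == "database":
            report["database"] = True
        elif plugin == "alert_syslog":
            report["syslog"] = True
            for tok in args.split():
                if tok in FACILITIES:
                    report["facility"] = tok
                elif tok in PRIORITIES:
                    report["priority"] = tok
                elif tok not in OPTIONS:
                    report["problems"].append(f"unknown syslog keyword: {tok}")
    return report

# Constructed samples: the output line quoted in the thread, then the same
# config with the line from the reply appended.
BEFORE = "output database: log, mysql, dbname=snort user=mysnort host=myhost\n"
AFTER = BEFORE + "output alert_syslog: LOG_AUTH LOG_ALERT\n"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_outputs(conf))
```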



