[Snort-users] Logging alerts two places at once

Martin Roesch roesch at ...421...
Fri Jan 26 00:23:29 EST 2001


Yeah, specify the output plugins in the conf file.  For what you're
asking for, you'd want to do something like:

output syslog: LOG_AUTH LOG_ALERT
output full: alert

That ought to do it.

    -Marty

Lance Spitzner wrote:
> 
> Any way of logging alerts two places at once?
> 
> For examples, lets say I want to log alerts FAST to
> syslogd and log FULL to /var/log/snort
> 
> Any idea how?
> 
> --
> Lance Spitzner
> http://project.honeynet.org
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list