[Snort-users] Logging alerts two places at once

Peter Bates peter.bates at ...79...
Fri Jan 26 05:39:51 EST 2001


Hello all...

>Yeah, specify the output plugins in the conf file.  For what you're
>asking for, you'd want to do something like:
>
>output syslog: LOG_AUTH LOG_ALERT
>output full: alert

I was about to ask the same question (thanks Lance!)...

I've got the above in my snort.conf, but no joy
in terms of the file logging...

I'm using (as the command-line option)

/snort -u snort -g snort -A full -de -s -D -i eth1 -N -c /etc/snort/snort.conf

and it logs fine to syslog, but no other
recording in the 'alert' file...

Or should the startup commands be really
simple, and all the complex stuff be in the snort.conf?

I need basically to run -A full and -e,
but it would be nice to see syslog output,
and important to gather the stuff in the file...

I'd normally be happy just sifting through the
syslog output, but this is for an 'unnameable'
project that I'm sure others on this list are probably aware of...




-- 
---------------------------------------------------------------->
Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone:0207-927 2124 / Fax:0207-436 5389 / Pager: 07625 255362



