[Snort-users] Logging alerts two places at once

Prins, J.H. J.H.Prins at ...1070...
Fri Jan 26 09:24:27 EST 2001

I had the same problem here and I put the logging output in the snort.conf
file and removed all the output parms from the startup script. Works fine.

J.H. Prins

-----Original Message-----
From: Peter Bates [mailto:peter.bates at ...79...]
Sent: Friday 26 January 2001 11:40
To: snort-users
Subject: Re: [Snort-users] Logging alerts two places at once

Hello all...

>Yeah, specify the output plugins in the conf file.  For what you're
>asking for, you'd want to do something like:
>output syslog: LOG_AUTH LOG_ALERT
>output full: alert

I was about to ask the same question (thanks Lance!)...

I've got the above in my snort.conf, but no joy
in terms of the file logging...

I'm using (as the command-line option)

/snort -u snort -g snort -A full -de -s -D -i eth1 -N -c

and it logs fine to syslog, but no other
recording in the 'alert' file...

Or should the startup commands be really
simple, and all the complex stuff be in the snort.conf?

I need basically to run A full and -e,
but it would be nice to see syslog output,
and important to gather the stuff in the file...

I'd normally be happy just sifting through the
syslog output, but this is for an 'unnameable'
project that I'm sure others on this list are probably aware of...

Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone:0207-927 2124 / Fax:0207-436 5389 / Pager: 07625 255362
