[Snort-users] Logging alerts two places at once

Chris Green cmg at ...671...
Fri Jan 26 09:29:31 EST 2001

Peter Bates <peter.bates at ...79...> writes:

> Hello all...
> >Yeah, specify the output plugins in the conf file.  For what you're
> >asking for, you'd want to do something like:
> >
> >output syslog: LOG_AUTH LOG_ALERT
> >output full: alert
> I was about to ask the same question (thanks Lance!)...
> I've got the above in my snort.conf, but no joy
> in terms of the file logging...

You need to not specify -A and -s options on the command line.  You
should see a warning about command line options overriding the config.

> I'm using (as the command-line option)
> /snort -u snort -g snort -A full -de -s -D -i eth1 -N -c /etc/snort/snort.conf
> and it logs fine to syslog, but no other
> recording in the 'alert' file...
> Or should the startup commands be really
> simple, and all the complex stuff be in the snort.conf?

Yes, I believe so.
Chris Green <cmg at ...671...>
Life is a series of rude awakenings.
                -- R.V. Winkle
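
A pre-flight check for the situation in this thread, as an added example that is not part of the original messages or of Snort itself: it flags a start line whose -A or -s would override the output lines in snort.conf. The function names, the VALUE_OPTS list and the sample file are assumptions made for the illustration.

```shell
# Added example, not from the thread. Assumption (from the reply above):
# -A and -s on the command line override the "output" lines in snort.conf.
# Options that consume a value, as seen in the quoted start line (assumption:
# every other letter is a plain switch; extend the list for your build).
VALUE_OPTS="u g A i c"

# 0 if the file has at least one uncommented "output" directive
conf_has_output() {
    grep -Eq '^[[:space:]]*output[[:space:]]+[^[:space:]]' "$1"
}

# Print the overriding flags (-A, -s) in a snort argument list, walking
# bundled switches such as -de one letter at a time.
overriding_flags() {
    found=""
    while [ $# -gt 0 ]; do
        word=$1; shift
        case "$word" in
            -?*) rest=${word#-} ;;
            *)   continue ;;
        esac
        while [ -n "$rest" ]; do
            c=${rest%"${rest#?}"}; rest=${rest#?}
            case "$c" in A|s) found="$found -$c" ;; esac
            case " $VALUE_OPTS " in
                *" $c "*)  # value is the rest of this word or the next word
                    if [ -z "$rest" ] && [ $# -gt 0 ]; then shift; fi
                    rest="" ;;
            esac
        done
    done
    echo "${found# }"
}

# Return 1 and warn when the start line would override the config's outputs
check_snort_start() {
    conf=$1; shift
    flags=$(overriding_flags "$@")
    if conf_has_output "$conf" && [ -n "$flags" ]; then
        echo "warning: $flags given; output lines in $conf are overridden" >&2
        return 1
    fi
}

# Constructed sample: the two output lines and the start line quoted above
sample=$(mktemp)
printf '%s\n' 'output syslog: LOG_AUTH LOG_ALERT' 'output full: alert' > "$sample"
check_snort_start "$sample" -u snort -g snort -A full -de -s -D -i eth1 -N -c /etc/snort/snort.conf || true
rm -f "$sample"
```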
