[Snort-users] Logging alerts two places at once
cmg at ...671...
Fri Jan 26 09:29:31 EST 2001
Peter Bates <peter.bates at ...79...> writes:
> Hello all...
> >Yeah, specify the output plugins in the conf file. For what you're
> >asking for, you'd want to do something like:
> >output syslog: LOG_AUTH LOG_ALERT
> >output full: alert
> I was about to ask the same question (thanks Lance!)...
> I've got the above in my snort.conf, but no joy
> in terms of the file logging...
You need to not specify -A and -s options on the command line. You
should see a warning about command line options overriding the config
> I'm using (as the command-line option)
> /snort -u snort -g snort -A full -de -s -D -i eth1 -N -c /etc/snort/snort.conf
> and it logs fine to syslog, but no other
> recording in the 'alert' file...
> Or should the startup commands be really
> simple, and all the complex stuff be in the snort.conf?
yes, I believe so.
Chris Green <cmg at ...671...>
Life is a series of rude awakenings.
-- R.V. Winkle
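
An added example, not part of the thread or of Snort itself: a POSIX shell pre-flight check for the conflict described in the reply above, where -A or -s on the command line overrides the output lines in snort.conf. The function names are hypothetical, and the set of option letters that take a value is an assumption drawn only from the command line quoted in the thread.

```shell
# Option letters that take a value. Assumption: only those seen in the command
# line quoted in the thread (-u -g -A -i -c); extend for other options.
ARG_OPTS="ugAic"

# Print the alert-mode options (-A, -s) present in a snort argument list.
cmdline_alert_overrides() {
    found=""
    while [ $# -gt 0 ]; do
        word=$1; shift
        case $word in -?*) letters=${word#-} ;; *) continue ;; esac
        # Walk a getopt-style cluster such as "-de" one letter at a time.
        while [ -n "$letters" ]; do
            rest=${letters#?}; opt=${letters%"$rest"}; letters=$rest
            case $opt in
                A|s) case "$found " in *" -$opt "*) ;; *) found="$found -$opt" ;; esac ;;
            esac
            case $ARG_OPTS in
                *"$opt"*)  # value is the rest of the cluster, else the next word
                    if [ -z "$letters" ] && [ $# -gt 0 ]; then shift; fi
                    letters="" ;;
            esac
        done
    done
    printf '%s\n' "${found# }"
}

# Print the output plugin names declared in a snort.conf read from stdin.
conf_output_plugins() {
    awk '$1 == "output" { sub(/:$/, "", $2); printf "%s%s", sep, $2; sep = " " }
         END { print "" }'
}

# Read snort.conf on stdin, take snort arguments as "$@"; fail on a conflict.
check_snort_start() {
    plugins=$(conf_output_plugins)
    overrides=$(cmdline_alert_overrides "$@")
    if [ -n "$plugins" ] && [ -n "$overrides" ]; then
        echo "conflict: $overrides on the command line overrides output plugins: $plugins"
        return 1
    fi
    echo "ok: no -A/-s override"
}

# Constructed sample: the conf lines and command line quoted in the thread.
check_snort_start -u snort -g snort -A full -de -s -D -i eth1 -N -c /etc/snort/snort.conf <<'EOF' || true
output syslog: LOG_AUTH LOG_ALERT
output full: alert
EOF
```

Run against the thread's own inputs it reports the conflict for -A and -s; dropping those two options from the arguments makes it print the ok line.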