[Snort-users] Logging alerts two places at once

Peter Bates peter.bates at ...79...
Fri Jan 26 11:26:40 EST 2001


Hello again all...

>>> output syslog: LOG_AUTH LOG_ALERT
>>> output full: alert
>>
>> I was about to ask the same question (thanks Lance!)...
>>
>> I've got the above in my snort.conf, but no joy
>> in terms of the file logging...
>
> You need to not specify -A and -s options on the command line.  You
> should see a warning about command line options overriding the config
> file.

Sorry to keep on about this, but it's still not working for me...

My command-line options are:

/usr/sbin/snort -u snort -g snort -de -D -i eth1 -N -c /etc/snort-local/snort.conf

The lines in my snort.conf are:

output syslog: LOG_ALERT
output full: alert

and I get the full alerts in the file fine...

But no syslogging!

I can specify -A full and -s on the command-line
as well, and get an either/or situation, but not both...

If I switch to

output alert_syslog: LOG_ALERT
(as mentioned in snort.conf.dist)

I get syslogging, but then no file log...


Am I missing something?

-- 
---------------------------------------------------------------->
Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone:0207-927 2124 / Fax:0207-436 5389 / Pager: 07625 255362



