[Snort-users] Logging alerts two places at once

Martin Roesch roesch at ...421...
Fri Jan 26 11:35:21 EST 2001


It should be:

output alert_syslog: LOG_AUTH LOG_ALERT
output full: alert

Try that.

   -Marty

Peter Bates wrote:
> 
> Hello again all...
> 
> >
> >>>output syslog: LOG_AUTH LOG_ALERT
> >>>output full: alert
> >>
> >>  I was about to ask the same question (thanks Lance!)...
> >>
> >>  I've got the above in my snort.conf, but no joy
> >>  in terms of the file logging...
> >>
> >
> >You need to not specify -A and -s options on the command line.  You
> >should see a warning about command line options overriding the config
> >file.
> 
> Sorry to keep on about this, but it's still not working for me...
> 
> My command-line options are:
> 
> /usr/sbin/snort -u snort -g snort -de -D -i eth1 -N -c /etc/snort-local/snort.conf
> 
> The lines in my snort.conf are:
> 
> output syslog: LOG_ALERT
> output full: alert
> 
> and I get the full alerts in the file fine...
> 
> But no syslogging!
> 
> I can specify -A full and -s on the command-line
> as well, and get an either/or situation, but not both...
> 
> If I switch to
> 
> output alert_syslog: LOG_ALERT
> (as mentioned in snort.conf.dist)
> 
> I get syslogging, but then no file log...
> 
> Am I missing something?
> 
> --
> ---------------------------------------------------------------->
> Peter Bates, Systems Support Officer, Network Support Team.
> London School of Hygiene & Tropical Medicine.
> Telephone:0207-927 2124 / Fax:0207-436 5389 / Pager: 07625 255362
> 

--
Martin Roesch
roesch at ...421...
http://www.snort.org
