[Snort-users] Logging alerts two places at once
thorinoakenshield at ...422...
Fri Jan 26 20:41:21 EST 2001
I believe the '-N' option turns off logging but alerts still work.
I also believe command-line options override what you have defined
in the conf file.
You may want to remove '-N' and try again.
----- Original Message -----
From: "Peter Bates" <peter.bates at ...79...>
To: "snort-users" <snort-users at lists.sourceforge.net>
Sent: Friday, January 26, 2001 11:26
Subject: Re: [Snort-users] Logging alerts two places at once
> Hello again all...
> > > > output syslog: LOG_AUTH LOG_ALERT
> > > > output full: alert
> > > I was about to ask the same question (thanks Lance!)...
> > > I've got the above in my snort.conf, but no joy
> > > in terms of the file logging...
> > >
> >You need to not specify -A and -s options on the command line. You
> >should see a warning about command line options overriding the config
> Sorry to keep on about this, but it's still not working for me...
> My command-line options are:
> /usr/sbin/snort -u snort -g snort -de -D -i eth1 -N -c
> The lines in my snort.conf are:
> output syslog: LOG_ALERT
> output full: alert
> and I get the full alerts in the file fine...
> But no syslogging!
> I can specify -A full and -s on the command-line
> as well, and get an either/or situation, but not both...
> If I switch to
> output alert_syslog: LOG_ALERT
> (as mentioned in snort.conf.dist)
> I get syslogging, but then no file log...
> Am I missing something?
> Peter Bates, Systems Support Officer, Network Support Team.
> London School of Hygiene & Tropical Medicine.
> Telephone:0207-927 2124 / Fax:0207-436 5389 / Pager: 07625 255362