[Snort-users] Logging alerts two places at once

Thorin thorinoakenshield at ...422...
Fri Jan 26 20:41:21 EST 2001


I believe the '-N' option turns off logging but alerts still work.
I also believe command-line options override what you have defined 
in the conf file.

You may want to remove '-N' and try again.

--Thorin

----- Original Message ----- 
From: "Peter Bates" <peter.bates at ...79...>
To: "snort-users" <snort-users at lists.sourceforge.net>
Sent: Friday, January 26, 2001 11:26
Subject: Re: [Snort-users] Logging alerts two places at once


> 
> Hello again all...
> 
> > > > output syslog: LOG_AUTH LOG_ALERT
> > > > output full: alert
> > >
> > > I was about to ask the same question (thanks Lance!)...
> > >
> > > I've got the above in my snort.conf, but no joy
> > > in terms of the file logging...
> >
> >You need to not specify -A and -s options on the command line.  You
> >should see a warning about command line options overriding the config
> >file.
> 
> Sorry to keep on about this, but it's still not working for me...
> 
> My command-line options are:
> 
> /usr/sbin/snort -u snort -g snort -de -D -i eth1 -N -c /etc/snort-local/snort.conf
> 
> The lines in my snort.conf are:
> 
> output syslog: LOG_ALERT
> output full: alert
> 
> and I get the full alerts in the file fine...
> 
> But no syslogging!
> 
> I can specify -A full and -s on the command-line
> as well, and get an either/or situation, but not both...
> 
> If I switch to
> 
> output alert_syslog: LOG_ALERT
> (as mentioned in snort.conf.dist)
> 
> I get syslogging, but then no file log...
> 
> 
> Am I missing something?
> 
> -- 
> ---------------------------------------------------------------->
> Peter Bates, Systems Support Officer, Network Support Team.
> London School of Hygiene & Tropical Medicine.
> Telephone:0207-927 2124 / Fax:0207-436 5389 / Pager: 07625 255362
> 