[Snort-users] Re: alert_syslog & alert_full (even with -l)
fabrice at ...1224...
Tue Jan 30 12:12:23 EST 2001
(still for the logging with alert_syslog & alert_full simultaneously)
I already use the -l option; here is how I launch snort:
/usr/sbin/snort -u snort -g snort -p -d -D -i eth0 -l /var/log/snort -c
and here is what i added in snort.conf:
output alert_full: /var/log/snort/alert
output alert_syslog: LOG_AUTHPRIV
All permissions are ok.
Syslog's config for LOG_AUTHPRIV:
The creation of a directory with the name of the IP and the adding
of the small dump of the alert are working in both cases.
Alerts are logged into the /var/log/snort/alert but not in the
syslog file (in my case, /var/log/secure).
If I add the -s command line parameter, then the syslog
logging works, but the /var/log/snort/alert one no longer does.
What am I doing wrong?
(I use the rpm version of snort 1.7.0)