[Snort-users] Repost: Syslog, but I don't want it

Neil Dickey neil at ...1633...
Fri Jun 1 11:24:21 EDT 2001


Marc Thompson <Marc.Thompson at ...2101...> wrote:

>You recommended that I run snort without the -D (Daemon-mode)
>option.  I tried this, ran nmap, alerts fired but weren't sent
>to syslog.  This is the behavior that I want, so your idea worked.
>
>So, it seems that running snort in Daemon mode enables syslog
>logging via the LOCAL facility.  I imagine that this is by design.

For what it's worth, here's the command line in the script I use
to start Snort1.7 on my system ( Solaris2.7 ):

  snort -dD -h 111.222.333.444/24 -l $LOGPATH -c $RULESPATH/$RULESNAME -o

I think my variables make enough sense that you don't need me to
translate them.  ;-)  This arrangement works fine, in daemon mode,
and *without* logging to syslog.

Perhaps there is a problem with the RedHat implementation of Snort,
but it doesn't exist under Solaris.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115




More information about the Snort-users mailing list