[Snort-users] Repost: Syslog, but I don't want it
neil at ...1633...
Fri Jun 1 11:24:21 EDT 2001
Marc Thompson <Marc.Thompson at ...2101...> wrote:
>You recommended that I run snort without the -D (Daemon-mode)
>option. I tried this, ran nmap, alerts fired but weren't sent
>to syslog. This is the behavior that I want, so your idea worked.
>So, it seems that running snort in Daemon mode enables syslog
>logging via the LOCAL facility. I imagine that this is by design.
For what it's worth, here's the command line in the script I use
to start Snort 1.7 on my system (Solaris 2.7):
snort -dD -h 111.222.333.444/24 -l $LOGPATH -c $RULESPATH/$RULESNAME -o
I think my variables make enough sense that you don't need me to
translate them. ;-) This arrangement works fine, in daemon mode,
and *without* logging to syslog.
Perhaps there is a problem with the RedHat implementation of Snort,
but it doesn't exist under Solaris.
Neil Dickey, Ph.D.
Northern Illinois University