[Snort-users] Repost: Syslog, but I don't want it
Marc.Thompson at ...2101...
Sun Jun 3 21:56:49 EDT 2001
As requested, my snort config without comment lines. I earlier
hypothesized that the lack of the '-l' command-line argument
to snort caused it to log to syslog by default. My hypothesis
turned out to be wrong, though.
So, I'm still having the problem.
My current snort command line is:
snort -c /etc/snort/snort.conf -i eth1 -Dd -l /var/log/snort
** Snort conf file. Only thing different is that I've
obfuscated the IP addresses.
var HOME_NET xxx.xxx.xxx.xxx/xxx
var EXTERNAL_NET any
preprocessor http_decode: 80 8080
preprocessor portscan: $HOME_NET 4 3 portscan.log
output log_tcpdump: tcpdump.out
output database: log, mysql, user=snort password=xxxx dbname=snort host=xxxx
IT Site Manager
7800 Shoal Creek Blvd. Suite 200N
Austin, TX 78757
From: Fyodor [mailto:fygrave at ...121...]
Sent: Saturday, June 02, 2001 5:03 AM
To: Marc Thompson
Cc: 'snort-users at lists.sourceforge.net'; 'joey at ...155...'
Subject: Re: [Snort-users] Repost: Syslog, but I don't want it
On Fri, Jun 01, 2001 at 10:10:10AM -0500, Marc Thompson wrote:
> You recommended that I run snort without the -D (Daemon-mode)
> option. I tried this, ran nmap, alerts fired but weren't sent
> to syslog. This is the behavior that I want, so your idea worked.
> So, it seems that running snort in Daemon mode enables syslog
> logging via the LOCAL facility. I imagine that this is by design.
By design only errors and warnings are logged via syslog if it's running
in daemon mode.
> What do you recommend I try next? Bug report? Enhancement Request?
Well, if you could show us relevant snippets of the configuration file,
so we could reproduce 'the bug', it would be helpful indeed. :)