[Snort-users] Logging Question
radamson at ...2127...
Mon Jun 11 21:21:59 EDT 2001
> What is the difference between using the -s option to log to syslog and
> the output plugin:
> output alert_syslog: LOG_AUTH LOG_ALERT ?
> and should/could I be using both at the same time ??
The "-s 10.0.0.1" option directs the syslog output to an IP address on
the default UDP port 514.
The "output alert_syslog..." option is apparently supposed to set the
syslog Facility (LOG_AUTH) and Priority (LOG_ALERT) level used when sending
syslog messages. However, a recent analysis of the v1.7 source code
indicates these two options (Facility and Priority) were never implemented
correctly (or it's incomplete code), and thus changing the Facility and/or
Priority using this mechanism does not function. The only way that I've
found to change the Facility and/or Priority is by changing the source code
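
One way to check from the receiving side which Facility and Priority actually arrive, whatever the configuration says. This is an added example, not part of the original post or of Snort; the sample datagrams are constructed, and the function names are hypothetical.

```python
import re

# Facility and severity codes from <syslog.h> / RFC 3164; PRI = facility * 8 + severity.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + n: "local%d" % n for n in range(8)})
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity) names from the <PRI> header of one syslog datagram."""
    m = PRI_RE.match(datagram)
    if not m:
        raise ValueError("no <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid value
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, "facility%d" % facility), SEVERITIES[severity]


def mismatches(datagrams, facility, severity):
    """List (index, facility, severity) for datagrams not sent at the expected level.
    Datagrams without a usable PRI are reported as (index, None, None)."""
    out = []
    for i, d in enumerate(datagrams):
        try:
            got = decode_pri(d)
        except ValueError:
            out.append((i, None, None))
            continue
        if got != (facility, severity):
            out.append((i, got[0], got[1]))
    return out


# Constructed sample datagrams (payloads as received on UDP 514), not captured Snort output.
SAMPLE = [
    b"<33>snort: constructed alert A",   # 4*8+1  = auth.alert
    b"<38>snort: constructed alert B",   # 4*8+6  = auth.info
    b"<129>snort: constructed alert C",  # 16*8+1 = local0.alert
    b"snort: constructed line without a PRI header",
]

if __name__ == "__main__":
    # Expectation taken from "output alert_syslog: LOG_AUTH LOG_ALERT".
    for row in mismatches(SAMPLE, "auth", "alert"):
        print(row)
```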