[Snort-users] A little confused.

Leandro Asnaghi-Nicastro leandro at ...2252...
Fri Jun 15 17:37:16 EDT 2001


Howdy.

Forgive me for being this stupid, I guess I just ain't bright.

I installed Snort (thanks again to everyone for their help) and it 
works.  Now, since I installed LogCheck, I wanted Snort to throw the 
logs out to syslog instead of the directories.

This would allow me to receive hourly reports on what Snort found.

So this is what I have come up with (as far as I understand) for the 
command line:

/usr/local/bin/snort -c /etc/snort.conf -s -N -D

So:

-c loads snort.conf
-s Log alerts sent to syslog
-N Turn off logging (I'm assuming this is in the directories?  I don't 
want it writing in the directories, just say what's up in the syslog)
-D daemon

Is that it?

Also, inside /etc/snort.conf

Does the entry of an IP number have to appear as:

var DNS_SERVERS [10.80.1.3]

Or?

var DNS_SERVERS 10.80.1.3

Again, sorry.
Thank you again for your time.
___ 
leandro asnaghi-nicastro - editor in chief 
capital of nasty - http://www.capnasty.org 
leandro at ...2252... - icq uin: 889318  
 
Prayer does not change God, but changes him who prays.
 -- Kierkegaard (1813-1855)



