[Snort-users] A little confused.
leandro at ...2252...
Fri Jun 15 17:37:16 EDT 2001
Forgive me for being this stupid, I guess I just ain't bright.
I installed Snort (thanks again to everyone for their help) and it
works. Now, since I installed LogCheck, I wanted Snort to throw the
logs out to syslog instead of the directories.
This would allow me to receive hourly reports on what Snort found.
So this is what I have come up with (as far as I understand) for the
/usr/local/bin/snort -c /etc/snort.conf -s -N -D
-c loads snort.conf
-s Log alerts sent to syslog
-N Turn off logging (I'm assuming this is in the directories? I don't
want it writing in the directories, just say what's up in the syslog)
Is that it?
Also, inside /etc/snort.conf
Does the entry of an IP number have to appear as:
var DNS_SERVERS [10.80.1.3]
var DNS_SERVERS 10.80.1.3
Thank you again for your time.
leandro asnaghi-nicastro - editor in chief
capital of nasty - http://www.capnasty.org
leandro at ...2252... - icq uin: 889318
Prayer does not change God, but changes him who prays.
-- Kierkegaard (1813-1855)