[Snort-users] Re: Syslog and Full Alerting
dzerkle at ...1512...
Fri Mar 9 16:10:20 EST 2001
John Delisle writes:
> Is it possible to use syslog and full alerting
> at the same time?
A three-minute look at the source seems to indicate that snort mostly ignores
the -A (alert style) option and -M (SMB alerting) if it gets the -s (syslog
I haven't delved into how these are activated through the config file, but it
may be possible to activate both of them from there. Snort.conf has a
commented-out line that shows how to activate the syslog output plugin.
I have e-mailed you a modified snort.c (for 1.7) that will at least make the
code pay attention to both -s and -A command-line options. I can't promise it
won't mess up the program elsewhere to have both of these activated, so test
it out very, very carefully.