[Snort-users] Re: Syslog and Full Alerting

Dan Zerkle dzerkle at ...1512...
Fri Mar 9 16:10:20 EST 2001


John Delisle writes:
> Is it possible to use syslog and full alerting
> at the same time?

A three-minute look at the source seems to indicate that snort mostly ignores
the -A (alert style) option and -M (SMB alerting) if it gets the -s (syslog
alerting) option.

I haven't delved into how these are activated through the config file, but it
may be possible to activate both of them from there.  Snort.conf has a
commented-out line that shows how to activate the syslog output plugin.

I have e-mailed you a modified snort.c (for 1.7) that will at least make the
code pay attention to both -s and -A command-line options.  I can't promise it
won't mess up the program elsewhere to have both of these activated, so test
it out very, very carefully.

-Dan



