[Snort-users] ruletype bug?

John_Delisle at ...1523...
Fri Mar 16 11:40:41 EST 2001


Hi everyone,

I'm trying to build a conf file that will have two types of alerts, one
called onlylog and one called alertsyslog.  They should both do full
logging, but alertsyslog should also send messages to syslog.

Here are my ruletype definitions:

ruletype onlylog
{
   type log
   output alert_full: /tmp/onlylog
}

ruletype alertsyslog
{
   type alert
   output alert_syslog: LOG_AUTH LOG_ALERT
   output alert_full: /tmp/alertsyslog
}


I've changed all my rules to use these two ruletypes.  When I start snort,
it just dies with no errors.  I'm using the following command line:

snort -c /var/log/snort/rules/rules.conf -d -D -e -i eth1


John Delisle
Corporate Technology
Ceridian Canada Ltd
204-975-5909




