[Snort-users] ruletype bug?

John_Delisle at ...1523...
Fri Mar 16 11:40:41 EST 2001

Hi everyone,

I'm trying to build a conf file that will have two types of alerts, one
called onlylog and one called alertsyslog.  They should both do full
logging, but alertsyslog should also send messages to syslog.

Here are my ruletype definitions:

ruletype onlylog
   type log
   output alert_full: /tmp/onlylog

ruletype alertsyslog
   type alert
   output alert_syslog: LOG_AUTH LOG_ALERT
   output alert_full: /tmp/alertsyslog

I've changed all my rules to use these two ruletypes.  When I start snort,
it just dies with no errors.  I'm using the following command line:

snort -c /var/log/snort/rules/rules.conf -d -D -e -i eth1

John Delisle
Corporate Technology
Ceridian Canada Ltd
