[Snort-users] Output Plugins

Frank Knobbe FKnobbe at ...649...
Fri Mar 16 18:23:46 EST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hmm.... just tried that. My snort.conf includes:

output alert_full: alert.ids
output alert_syslog: LOGALERT

I'm calling snort with: -A full -c snort.conf -d -o -i 1 -l c:\snort
- -s server

The problem is that the command line parameters override the alert
plug-ins. I can not find anything in the docs how I specify what
syslog server to send the syslog message to. I'm using the Win32
port, btw. According to the doc I have to use the -s option, but then
it disables the log file... :(  How do you use both under Win32?

Frank



> -----Original Message-----
> From: John Kiehnle [mailto:john at ...1477...]
> Sent: Thursday, March 15, 2001 3:48 PM
> 
> alert_full:<output filename>

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOrKggpytSsEygtEFEQLkXwCgukjLTOJ++A3TjTFE/oWmnqSlvgQAmwTr
ULjtkDFyn4SEf1E3gAarDziT
=LqrF
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list