[Snort-users] Output Plugins

Martin Roesch roesch at ...421...
Fri Mar 16 23:37:05 EST 2001


Valid values for the syslog output plugin:

openlog options:
LOG_CONS
LOG_NDELAY
LOG_PERROR
LOG_PID

syslog facilities:
LOG_AUTHPRIV
LOG_AUTH
LOG_DAEMON

syslog priorities:
LOG_EMERG
LOG_ALERT
LOG_CRIT
LOG_ERR
LOG_WARNING
LOG_NOTICE
LOG_INFO
LOG_DEBUG

This is all in the Writing Snort Rules document at snort.org...

    -Marty


Frank Knobbe wrote:

> 
> hmm.... just tried that. My snort.conf includes:
> 
> output alert_full: alert.ids
> output alert_syslog: LOGALERT
> 
> I'm calling snort with: -A full -c snort.conf -d -o -i 1 -l c:\snort
> -s server
> 
> The problem is that the command line parameters override the alert
> plug-ins. I can not find anything in the docs how I specify what
> syslog server to send the syslog message to. I'm using the Win32
> port, btw. According to the doc I have to use the -s option, but then
> it disables the log file... :(  How do you use both under Win32?
> 
> Frank
> 
> > -----Original Message-----
> > From: John Kiehnle [mailto:john at ...1477...]
> > Sent: Thursday, March 15, 2001 3:48 PM
> >
> > alert_full:<output filename>
> 

--
Martin Roesch
roesch at ...421...
http://www.snort.org
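
Added example (not part of the original message and not Snort's own code): a small linter that checks `output alert_syslog:` lines in a snort.conf against the keyword lists given in the reply above, and flags anything outside them, such as the `LOGALERT` in the quoted configuration. The function name, the separator handling and the one-facility/one-priority check are assumptions of this example.

```python
import difflib
import re

# Keyword lists exactly as given in the message above. Assumption: a given
# Snort build may accept more keywords than this message lists.
OPTIONS = {"LOG_CONS", "LOG_NDELAY", "LOG_PERROR", "LOG_PID"}
FACILITIES = {"LOG_AUTHPRIV", "LOG_AUTH", "LOG_DAEMON"}
PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
              "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}
KNOWN = OPTIONS | FACILITIES | PRIORITIES

DIRECTIVE = re.compile(r"^\s*output\s+alert_syslog\s*:(.*)$")

def check_alert_syslog(conf_text):
    """Return (line_no, problem) tuples for alert_syslog directives."""
    problems = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        match = DIRECTIVE.match(raw.split("#", 1)[0])  # ignore comments
        if not match:
            continue
        # Assumption: keywords are separated by whitespace and/or '|'.
        tokens = [t for t in re.split(r"[\s|]+", match.group(1)) if t]
        for tok in tokens:
            if tok not in KNOWN:
                hint = difflib.get_close_matches(tok, sorted(KNOWN), n=1)
                suffix = f" (did you mean {hint[0]}?)" if hint else ""
                problems.append((line_no, f"unknown keyword {tok}{suffix}"))
        # A syslog message carries one facility and one priority, so more
        # than one of either on a line is reported as ambiguous.
        for label, group in (("facilities", FACILITIES),
                             ("priorities", PRIORITIES)):
            found = [t for t in tokens if t in group]
            if len(found) > 1:
                problems.append((line_no, f"multiple {label}: " + " ".join(found)))
    return problems

# Sample input: lines 1-2 are the snort.conf lines quoted in the thread,
# lines 3-4 are constructed for this example.
SAMPLE_CONF = """\
output alert_full: alert.ids
output alert_syslog: LOGALERT
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_syslog: LOG_AUTH | LOG_DAEMON LOG_INFO  # constructed
"""

if __name__ == "__main__":
    for line_no, problem in check_alert_syslog(SAMPLE_CONF):
        print(f"snort.conf:{line_no}: {problem}")
```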
