[Snort-users] Output Plugins

Karl Lovink karl at ...500...
Sat Mar 17 12:44:20 EST 2001


You can't. Snort will send the syslog output to the /dev/log special file
and the syslogd reads this special file. What you can do in your
/etc/syslogd.conf file is send the snort logging to a remote syslogd
daemon.

e.g.

/etc/syslogd.conf:
local4.debug		@loghost

/etc/hosts or DNS
<ipaddress> 	loghost

Cheers and beers,

Karl


On Sat, 17 Mar 2001, Frank Knobbe wrote:

> Oops... okay, so I missed the facility.
>
> But the question remains. How do I specify what syslog server to send
> the messages to? Apparently only with the command line argument -s,
> but when I use that, the command line overrides the plug-in, in which
> case it still does not create the alert.ids file in addition to
> syslog messages. How do you get both?
>
> Frank
>
> > -----Original Message-----
> > From: Martin Roesch [mailto:roesch at ...421...]
> > Sent: Friday, March 16, 2001 10:37 PM
> >
> > Valid values for the syslog output plugin:
> > [...]
>
>
>

-- 
-----------------------------------------------------------------------------
    ( )       Karl Lovink RI
  } @ @ {     INU Consultancy - DE Internet en UNIX Security specialisten
-- |___| --   Email      : karl at ...500...
  _/   \_     TEL        : 31-570-658010    FAX    : 31-570-658012
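
The selector in the reply above, `local4.debug`, matches debug and every more severe priority, so that single line forwards all local4 messages to loghost. The following is an added example, not part of the original thread: a small Python check of which syslog.conf rules receive a given facility and priority. It assumes classic `facility.priority` selectors only (no `=`/`!` modifiers or priority aliases), and every sample line other than the `@loghost` one is constructed.

```python
"""Which syslog.conf rules receive a message with a given facility and priority."""

# Lowest to highest severity, as syslogd orders them.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample; only the @loghost line comes from the thread.
SAMPLE_CONF = (
    "# snort logs to /dev/log, syslogd routes it\n"
    "local4.debug\t\t@loghost\n"
    "local4.warning\t\t/var/log/snort.log\n"
    "*.info;local4.none\t/var/log/messages\n"
)


def rule_matches(selectors, facility, priority):
    """Evaluate a ';'-separated selector list; later selectors override earlier ones."""
    matched = False
    for sel in selectors.split(";"):
        facs, _, level = sel.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if level == "none":
            matched = False  # facility.none excludes this facility from the rule
        elif level == "*":
            matched = True
        elif level in PRIORITIES:
            # A bare level means "this priority and anything more severe".
            matched = PRIORITIES.index(priority) >= PRIORITIES.index(level)
    return matched


def destinations(conf_text, facility, priority):
    """Return (kind, target) for each rule that would receive the message."""
    out = []
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or rule without an action
        selectors, action = parts
        if rule_matches(selectors, facility, priority):
            kind = "remote" if action.startswith("@") else "local"
            out.append((kind, action.lstrip("@")))
    return out


if __name__ == "__main__":
    for prio in ("debug", "alert"):
        print("local4." + prio, "->", destinations(SAMPLE_CONF, "local4", prio))
```

Running it against a copy of the real configuration shows whether a local file rule and the remote rule both match the facility snort logs to.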




