[Snort-users] Output Plugins

Frank Knobbe FKnobbe at ...649...
Sat Mar 17 13:23:34 EST 2001

Hash: SHA1

I'm sorry, I should have mentioned again in the follow up that I'm
running the Win32 port of Snort. Since NT does not have a native
syslog daemon, you need to specify a syslog server with the command
line argument -s. And that seems to be turning off the ability to log
into a file (in addition to syslog), since cmd line args override the
output options.


> -----Original Message-----
> From: Karl Lovink [mailto:karl at ...500...]
> Sent: Saturday, March 17, 2001 11:44 AM
> You can't. Snort will send the syslog output to the /dev/log 
> special file
> and the syslogd reads this special file. What you can do in your
> /etc/syslogd.conf file is that you will send the snort logging to a
> remote syslogd daemon.
> On Sat, 17 Mar 2001, Frank Knobbe wrote:
> > But the question remains. How do I specify what syslog 
> server to send
> > the messages to? Apparently only with the command line argument
> > -s, but when I use that, the command line overrides the 
> plug-in, in which
> > case it still does not create the alert.ids file in addition to
> > syslog messages. How do you get both?

Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.


More information about the Snort-users mailing list