[Snort-users] Syslog trouble
Michael J Clark
clarkmic at ...1016...
Tue May 29 14:09:44 EDT 2001
I'm sure this is an easy question, but it's been giving me trouble for a while.
I can't seem to get anything to log to syslog. Logging is fine in the
directories (I'm using 1.7).

This is the command line: snort -i eth1 -D -s -l /var/log/snort

In snort.conf I've tried output: alert_syslog: LOG_AUTH LOG_INFO

I have also tried without that and still nothing. I'm testing with the rule
alert any any any <> any any (msg: "STUFF: ";)

I'd like to see the alerts go to /var/log/messages. My syslog.conf looks
to be OK. Haven't changed it from the default (RH 7.1).

Please reply to my address as well (I use digests). Thanks