[Snort-users] Syslog trouble

Michael J Clark clarkmic at ...1016...
Wed May 30 09:22:27 EDT 2001


I'm using RH7.1. As per the previous message, I tried -s 127.0.0.1 and 
no luck, get a parse error. I tried making a daemon entry and changing 
it to LOG_DAEMON. Still no luck :(



> 
> Michael:
> 
> You don't say what OS you're using, but I'm not sure that matters a lot 
> (well, it *may* matter some, but I dunno.. ;-)
> 
> Under Linux 2.2.14 I have in snort.conf:
> 
> # Use one or more syslog facilities as arguments
> # DAEMON = facility; ALERT = priority at man syslog.conf(5)
> #
> output alert_syslog: LOG_DAEMON LOG_ALERT
> 
> And in /etc/syslog.conf I have:
> 
> daemon.*          /var/log/daemon
> 
> and:
> 
> *.info;*.notice;*.warn;\
>       mail.none;news.none;authpriv.none     /var/log/messages
> 
> Messages appear specifically in /var/log/messages and /var/log/daemon
> 
> And messages are picked up out of those by Psionic's logcheck and mailed 
> to me on several boxen..
> 
> snort command line:
> 
> snort -b -i ppp0 -c /usr/local/snort-1.7/snort.conf &
> 
> HTH..
> 
> - John
> 
> -- 
> John Sage
> FinchHaven, Vashon Island, WA, USA
> http://www.finchhaven.com/
> mailto:jsage at ...2022...
> "The web is so, like, five minutes ago..."
> 
> Michael J Clark wrote:
> 
> > Hey guys,
> > 
> > I'm sure this is an easy question but it's been giving me trouble for a while.
> > 
> > I can't seem to get anything to log to syslog.  Logging is fine in the 
> > directories (I'm using 1.7).
> > 
> > This is the command line:  snort -i eth1 -D -s -l /var/log/snort
> > 
> > in snort.conf I've tried output: alert_syslog: LOG_AUTH LOG_INFO
> > 
> > I have also tried without that and still nothing.  I'm testing with the rule
> > 
> > alert any any any <> any any (msg: "STUFF: ";)
> > 
> > 
> > I'd like to see the alerts go to /var/log/messages.  My syslog.conf looks 
> > to be ok.  Haven't changed it from the default (rh 7.1).
> > 
> > Please reply to my address as well (I use digests).  Thanks
> > 
> > 
> > Mike
> 
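
Added example, not part of the original thread: a simplified model of sysklogd-style selector matching, run over the two syslog.conf entries quoted in the reply, to show which files a given facility.priority pair (such as the LOG_DAEMON LOG_ALERT pair from the quoted snort.conf) is written to. The function names are illustrative, and the model assumes a plain priority means "this level or higher" and that "none" excludes a facility; the "=" and "!" prefixes are not handled.

```python
import re

# Syslog priorities from lowest to highest severity, plus the deprecated aliases.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# The syslog.conf entries quoted in the reply above, continuation backslash included.
SYSLOG_CONF = r"""
daemon.*          /var/log/daemon
*.info;*.notice;*.warn;\
      mail.none;news.none;authpriv.none     /var/log/messages
"""

def parse_conf(text):
    """Return [(selector_field, action)], joining backslash-continued lines."""
    joined = re.sub(r"\\\n\s*", "", text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        rules.append((selectors, action.strip()))
    return rules

def matches(selectors, facility, priority):
    """True if facility.priority is selected; selectors apply left to right."""
    level = PRIORITIES.index(ALIASES.get(priority, priority))
    selected = set()
    for sel in selectors.split(";"):
        facs, _, pri = sel.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        pri = ALIASES.get(pri, pri)
        if pri == "none":
            selected.clear()          # facility excluded from this action
        elif pri == "*":
            selected.update(range(len(PRIORITIES)))
        else:
            selected.update(range(PRIORITIES.index(pri), len(PRIORITIES)))
    return level in selected

def destinations(facility, priority, conf=SYSLOG_CONF):
    """List the actions (log files) that would receive facility.priority."""
    return [act for sel, act in parse_conf(conf) if matches(sel, facility, priority)]

if __name__ == "__main__":
    for fac, pri in [("daemon", "alert"), ("auth", "info"), ("authpriv", "alert")]:
        print(f"{fac}.{pri} -> {destinations(fac, pri)}")
```

Replacing SYSLOG_CONF with the entries from the local /etc/syslog.conf shows whether the facility and priority given to alert_syslog are routed to any file at all.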
