[Snort-users] Syslog trouble
jsage at ...2022...
Wed May 30 09:00:51 EDT 2001
You don't say what OS you're using, but I'm not sure that matters a lot
(well, it *may* matter some, but I dunno.. ;-)
Under Linux 2.2.14 I have in snort.conf:
# Use one or more syslog facilities as arguments
# DAEMON = facility; ALERT = priority at man syslog.conf(5)
output alert_syslog: LOG_DAEMON LOG_ALERT
And in /etc/syslog.conf I have:
Messages appear specifically in /var/log/messages and /var/log/daemon
And messages are picked up out of those by Psionic's logcheck and mailed
to me on several boxen..
snort command line:
snort -b -i ppp0 -c /usr/local/snort-1.7/snort.conf &
FinchHaven, Vashon Island, WA, USA
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."
Michael J Clark wrote:
> Hey guys,
> I'm sure this is an easy question but it's been giving me trouble for a while.
> I can't seem to get anything to log to syslog. Logging is fine in the
> directories (I'm using 1.7).
> This is the command line: snort -i eth1 -D -s -l /var/log/snort
> in snort.conf I've tried output: alert_syslog: LOG_AUTH LOG_INFO
> I have also tried without that and still nothing. I'm testing with the rule
> alert any any any <> any any (msg: "STUFF: ";)
> I'd like to see the alerts go to /var/log/messages. My syslog.conf looks
> to be ok. Haven't changed it from the default (rh 7.1).
> Please reply to my address as well (I use digests). Thanks
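An added example, not from either poster, that resolves where a facility/priority pair such as the LOG_DAEMON LOG_ALERT or LOG_AUTH LOG_INFO used above lands under a syslog.conf, following sysklogd's selector rules; the configuration text is a constructed sample modelled on a Red Hat 7.x default, not either poster's real file.

```python
"""Resolve which syslog.conf actions receive a given facility.priority (sysklogd rules)."""
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]

# Constructed sample modelled on a Red Hat 7.x default, plus a daemon.* line (assumption).
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                 /var/log/secure
mail.*                                     -/var/log/maillog
cron.*                                     /var/log/cron
*.emerg                                    *
uucp,news.crit                             /var/log/spooler
daemon.*                                   /var/log/daemon
"""

def _levels(pri, exact):  # exact level only, or that level and everything more severe
    pri = ALIASES.get(pri, pri)
    return {pri} if exact else set(PRIORITIES[PRIORITIES.index(pri):])

def parse_syslog_conf(text):
    """Return [(facility -> matched priorities, action)] per rule line. Selectors apply
    left to right: 'none' clears, '*' sets all, '=lvl' adds one level, '!' removes."""
    rules = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        selectors, action = parts
        mask = {f: set() for f in FACILITIES}
        for sel in selectors.split(";"):
            facs, _, pri = sel.rpartition(".")
            negate, exact = pri.startswith("!"), pri.lstrip("!").startswith("=")
            pri = pri.lstrip("!=")
            for fac in (FACILITIES if facs == "*" else facs.split(",")):
                levels = mask.setdefault(fac, set())
                if pri == "none":
                    levels.clear()
                else:
                    chosen = set(PRIORITIES) if pri == "*" else _levels(pri, exact)
                    (levels.difference_update if negate else levels.update)(chosen)
        rules.append((mask, action.lstrip("-")))  # a leading '-' only disables fsync
    return rules

def destinations(conf_text, facility, priority):
    """All actions that receive a message logged at facility.priority."""
    priority = ALIASES.get(priority, priority)
    return [a for m, a in parse_syslog_conf(conf_text) if priority in m.get(facility, set())]
```

With this sample, auth.info (LOG_AUTH LOG_INFO) does reach /var/log/messages, so if nothing shows up there the problem is between snort and syslogd rather than in the routing; daemon.alert reaches both /var/log/messages and /var/log/daemon.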