[Snort-users] Configuring output plugins
darek at ...6535...
Fri Aug 9 09:16:02 EDT 2002
Hey guys, I am trying to send alerts for locally defined rules
(local.rules) to a logfile only, and all other alerts to Syslog.
In my snort.conf I defined:
output alert_full: snort.log
and in my local.rules I have:
art tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( whatever; )
It doesnt appear to work. I am trying to understand the docs but they
can be pretty tricky. Mayhaps someone could help with the syntax or shed
some light on the whole output plugin system.
Thanks in advance.
More information about the Snort-users