[Snort-users] Configuring output plugins

darek darek at ...6535...
Fri Aug 9 09:16:02 EDT 2002

Hey guys, I am trying to send alerts for locally defined rules 
(local.rules) to a logfile only, and all other alerts to Syslog.

In my snort.conf I defined:
ruletype art
  type log
  output alert_full: snort.log

and in my local.rules I have:
art tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( whatever; )

It doesnt appear to work. I am trying to understand the docs but they 
can be pretty tricky. Mayhaps someone could help with the syntax or shed 
some light on the whole output plugin system.

Thanks in advance.

More information about the Snort-users mailing list