[Snort-users] Configuring output plugins

darek darek at ...6535...
Fri Aug 9 09:16:02 EDT 2002


Hey guys, I am trying to send alerts for locally defined rules 
(local.rules) to a logfile only, and all other alerts to Syslog.

In my snort.conf I defined:
ruletype art
{
  type log
  output alert_full: snort.log
}

and in my local.rules I have:
art tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( whatever; )

It doesn't appear to work. I am trying to understand the docs but they 
can be pretty tricky. Mayhaps someone could help with the syntax or shed 
some light on the whole output plugin system.

Thanks in advance.




