[Snort-users] Alert OR syslog?

Alberto Gonzalez albertg at ...7149...
Thu Dec 5 08:59:03 EST 2002


In your command line, you're doing binary logging (-b), full logging (-A 
full) and syslog (-s).
I haven't tried to do both syslog and FULL (waste of time?).

When I run it with the following command snort seems to run fine:

/usr/local/bin/snort -c /etc/snort/snort.conf -I -A full -s blame_cmg -i rl0

So give that a try. I'm not sure why someone wants 3 logging mechanisms, 
but hey!

Cheers!

   - Alberto

(sorry cmg for the syslog part :-)) <grin>


Weiss, Jeffrey H. wrote:

> I am wondering why I cannot get both an alert log written AND 
> syslogging to occur.
>
> My command line invocation:
> snort -b -c /usr/local/etc/snort/snort.conf -I -A full -l 
> /logs/UA/snort -s -i qfe0
>
> Pertinent snort.conf(?):
> output alert_syslog: LOG_ALERT
>
> Is there something too obvious here?
> Thanks!
> Jeffrey Weiss
>

-- 
The secret to success is to start from scratch and keep on scratching.





