[Snort-users] Alert OR syslog?
albertg at ...7149...
Thu Dec 5 08:59:03 EST 2002
In your command line, you're doing binary logging (-b), full logging (-A
full) and syslog (-s).
I haven't tried to do both syslog and FULL (waste of time?).
When I run it with the following command, snort seems to run fine:
/usr/local/bin/snort -c /etc/snort/snort.conf -I -A full -s blame_cmg -i rl0
So give that a try. I'm not sure why someone wants 3 logging mechanisms
(sorry cmg for the syslog part :-)) <grin>
Weiss, Jeffrey H. wrote:
> I am wondering why I cannot get both an alert log written AND
> syslogging to occur.
> My command line invocation:
> snort -b -c /usr/local/etc/snort/snort.conf -I -A full -l /logs/UA/snort -s -i qfe0
> Pertinent snort.conf(?):
> output alert_syslog: LOG_ALERT
> Is there something too obvious here?
> Jeffrey Weiss
The secret to success is to start from scratch and keep on scratching.