[Snort-users] Alert OR syslog?
Weiss, Jeffrey H.
Jeffrey.Weiss at ...7679...
Thu Dec 5 09:54:04 EST 2002
Thanks for your response.
Reasons for 3 types of logging (may not be good reasons):
1. Binary format allows analysis tools be leveraged (snortsnarf).
2. Alert log provides local easily perused/tailed indicator of nasties and
3. Syslog entries can be directed off-server to a remote central logging
I could work without the alert log but don't understand why enabling syslog
Not sure I understand your blame_cmg...new flag?
From: Alberto Gonzalez [mailto:albertg at ...7149...]
Sent: Thursday, December 05, 2002 2:00 PM
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Alert OR syslog?
In your command line, you're doing binary logging (-b), full logging (-A full) and syslog (-s).
I haven't tried to do both syslog and FULL (waste of time?).
When I run it with the following command snort seems to run fine:
/usr/local/bin/snort -c /etc/snort/snort.conf -I -A full -s blame_cmg -i rl0
So give that a try, I'm not sure why someone wants 3 logging mechanisms,
(sorry cmg for the syslog part :-)) <grin>
Weiss, Jeffrey H. wrote:
> I am wondering why I cannot get both an alert log written AND
> syslogging to occur.
> My command line invocation:
> snort -b -c /usr/local/etc/snort/snort.conf -I -A full -l
> /logs/UA/snort -s -i qfe0
> Pertinent snort.conf(?):
> output alert_syslog: LOG_ALERT
> Is there something too obvious here?
> Jeffrey Weiss
The secret to success is to start from scratch and keep on scratching.
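One way to get all three outputs the thread discusses (binary packet log, local alert file, syslog) without juggling -b, -A and -s: declare them as stacked output modules in snort.conf. This is an added example, not a config from either poster; it assumes the alert_full, alert_syslog and log_tcpdump output modules of Snort 1.9-era releases, and that command-line alert switches take precedence over output modules in the config file, which is why adding -s on the command line can displace the alert file.

```conf
# snort.conf fragment (added example, not from the thread).
# Output modules stack: every alert is handed to each "alert" module in turn,
# so the alert file and syslog both receive it. Leave -A and -s off the
# command line; those switches override the output modules configured here.
# File names are relative to the -l log directory and are placeholders.

# 1. Packet log in binary (tcpdump) format for offline analysis tools
output log_tcpdump: snort.log

# 2. Full-text alert file for local tailing
output alert_full: alert

# 3. The same alerts to syslog, so syslogd can forward them to a central log host
output alert_syslog: LOG_AUTH LOG_ALERT
```

With these modules in place the invocation reduces to something like `snort -c /usr/local/etc/snort/snort.conf -l /logs/UA/snort -i qfe0` (no -b, -A or -s); whether the syslog entries leave the box is then a syslogd forwarding matter.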