[Snort-users] Remote Syslogging.

Demetri Mouratis dmourati at ...3877...
Fri Dec 6 09:55:02 EST 2002


On Fri, 6 Dec 2002, Patrick Williams wrote:

> I add the syslog switch, -s, and put this statement in my syslog.conf,
> "*snort*        @managmentserverIP           #Forward Snort msg to mgmt
> station"

First off, your syslog.conf syntax is wrong.  It should be:

auth.alert 	@managmentserverIP

Look at your snort.conf file for more info on the facility and priority
settings.

Make sure you have syslogd on managementserver configured to allow syslog
over UDP.  Under RedHat, you can do this by editing
/etc/sysconfig/syslog and adding the following line:

SYSLOGD_OPTIONS="-r -m 0"

Then restart syslog.

As it says there, man syslogd for more info.

HTH.
---------------------------------------------------------------------
Demetri Mouratis
dmourati at ...3878...
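
Added example, not part of the original post: a small Python check that syslog.conf rule lines have the "facility.priority  action" form the reply describes, run over the rule from the question and the corrected rule. The keyword sets assume a classic sysklogd-style syslogd, and check_rule / check_conf are hypothetical helper names.

```python
# Added example: validate syslog.conf rules as "<facility>.<priority> <action>".
# Keyword sets assume classic sysklogd; check_rule/check_conf are hypothetical names.
FACILITIES = {"auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail",
              "mark", "news", "security", "syslog", "user", "uucp", "*"}
FACILITIES |= {"local%d" % i for i in range(8)}
PRIORITIES = {"debug", "info", "notice", "warning", "warn", "err", "error",
              "crit", "alert", "emerg", "panic", "none", "*"}

def check_rule(line):
    """Return (ok, detail) for one non-comment syslog.conf rule line."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return False, "expected '<selector> <action>'"
    selector, rest = parts
    for sel in selector.split(";"):
        facs, dot, pri = sel.partition(".")
        if not dot:
            return False, "selector %r is not facility.priority" % sel
        bad = [f for f in facs.split(",") if f.lower() not in FACILITIES]
        if bad:
            return False, "unknown facility %r" % bad[0]
        if pri.lstrip("!=").lower() not in PRIORITIES:
            return False, "unknown priority %r" % pri
    action = rest.split()[0]
    if action.startswith("@"):
        if len(action) == 1:
            return False, "'@' with no host"
        return True, "forwards to remote host " + action[1:]
    return True, "local action " + action

def check_conf(text):
    """Check every rule in a syslog.conf body; returns [(lineno, ok, detail)]."""
    results = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            results.append((n,) + check_rule(line))
    return results

# Constructed sample: the rule from the question, then the corrected rule.
SAMPLE = """# forward Snort alerts to the management station
*snort*        @managmentserverIP
auth.alert\t@managmentserverIP
"""

if __name__ == "__main__":
    for n, ok, detail in check_conf(SAMPLE):
        print("line %d: %s (%s)" % (n, "OK" if ok else "BAD", detail))
```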




