[Snort-users] RE: Alert OR syslog?
L. Christopher Luther
CLuther at ...6333...
Fri Dec 6 09:58:02 EST 2002
Snort's command line directives sometimes do "strange" (my opinion only)
things, so it is possible that by specifying two alert facilities on the
command line, one is taking precedence over the other.
Instead, I use output directives in the snort.conf file to specify multiple
log and/or alert facilities. Have you tried placing the following in your
output alert_full: alert.ids
output alert_syslog: LOG_AUTH LOG_ALERT
And removing the "-A fast" and "-s" command line options? This will alert
first to the ASCII file alert.ids, then to the syslog facility.
From: "Weiss, Jeffrey H." <Jeffrey.Weiss at ...7679...>
To: snort-users at lists.sourceforge.net
Date: Thu, 5 Dec 2002 08:51:05 -0700
Subject: Alert OR syslog?
I am wondering why I cannot get both an alert log written AND syslogging to
My command line invocation:
snort -b -c /usr/local/etc/snort/snort.conf -I -A full -l /logs/UA/snort -s
output alert_syslog: LOG_ALERT
Is there something too obvious here?
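A small checker for the situation discussed in this thread, added here as an example and not code from the Snort project or from either poster. It parses the `output` directives of a snort.conf fragment, maps the `-A` and `-s` command-line options to the alert plugins they imply, and flags the case where both sources name alert facilities. The regular expression for `output plugin: args` lines and the `-A <mode>` / `-s` mapping are assumptions based on the Snort 1.9/2.x syntax shown in the thread; the config fragment and command lines are constructed.

```python
"""Report which Snort alert facilities are configured and whether the
command line also names alert facilities (the overlap the reply warns about).

Added example; not code from the Snort project or the original posters.
The `output` regex and the -A/-s handling are assumptions mirroring the
syntax used in the thread."""
import re
import shlex
from typing import Dict, List, Tuple

# Constructed snort.conf fragment, following the reply's suggestion.
SNORT_CONF = """
# alert facilities
output alert_full: alert.ids
output alert_syslog: LOG_AUTH LOG_ALERT
output log_tcpdump: snort.log   # packet logging, not an alert facility
"""

# Constructed command lines: the original poster's style (with -A and -s)
# and the reply's suggestion (alerting left to snort.conf only).
ORIGINAL_CLI = "snort -b -c /usr/local/etc/snort/snort.conf -A full -l /logs/UA/snort -s"
FIXED_CLI = "snort -b -c /usr/local/etc/snort/snort.conf -l /logs/UA/snort"

OUTPUT_RE = re.compile(r"^\s*output\s+([A-Za-z_]+)\s*:\s*(.*?)\s*$")


def parse_output_directives(conf_text: str) -> List[Tuple[str, List[str]]]:
    """Return (plugin, args) for every `output plugin: args` line, comments stripped."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        m = OUTPUT_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2).split()))
    return found


def cli_alert_options(cli: str) -> List[str]:
    """Map -A <mode> and -s on the command line to the output plugin they imply."""
    argv = shlex.split(cli)
    implied = []
    for i, tok in enumerate(argv):
        if tok == "-A" and i + 1 < len(argv):
            implied.append("alert_" + argv[i + 1])   # -A full -> alert_full, -A fast -> alert_fast
        elif tok == "-s":
            implied.append("alert_syslog")          # -s means syslog alerting
    return implied


def alert_facilities(conf_text: str, cli: str) -> Dict[str, object]:
    """Summarise alert facilities from both sources and whether they overlap."""
    configured = [p for p, _ in parse_output_directives(conf_text) if p.startswith("alert_")]
    from_cli = cli_alert_options(cli)
    return {
        "config": configured,
        "cli": from_cli,
        # Both sources naming alert plugins is the case the reply describes:
        # one may take precedence over the other, so alerting is only
        # predictable when a single source (here snort.conf) defines it.
        "conflict": bool(configured) and bool(from_cli),
    }


if __name__ == "__main__":
    for label, cli in (("original", ORIGINAL_CLI), ("fixed", FIXED_CLI)):
        print(label, alert_facilities(SNORT_CONF, cli))
```

Running the block prints a summary for both command lines: the original one reports a conflict between the config file's `alert_full` / `alert_syslog` directives and the `-A full` / `-s` options, while the command line without them leaves snort.conf as the only source of alert facilities.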