[Snort-users] logging to syslog
cmg at ...671...
Wed Feb 20 08:15:25 EST 2002
Madhav Diwan <mdiwan at ...200...> writes:
> Is there a way to log alerts to the /var/log/secure file instead of the
> /var/log/messages file?
> I am using redhat 7.2 snort 1.8.3-5
> and the following commandline in /etc/init.d/snortd:
> daemon /usr/sbin/snort -l /var/log/snort -d -D \
> -i $INTERFACE -c /etc/snort/snort.conf
> /etc/snort/snort.conf is configured to log to syslog
> output alert_syslog: LOG_AUTH LOG_ALERT
rh 7.2 syslog.conf:
# The authpriv file has restricted access.
output alert_syslog: LOG_AUTHPRIV LOG_ALERT
according to rh 7.2 syslog(3),
security/authorization messages (DEPRECATED Use LOG_AUTHPRIV instead)
security/authorization messages (private)
LOG_AUTH The authorization system: login(1), su(1), getty(8), etc.
LOG_AUTHPRIV The same as LOG_AUTH, but logged to a file readable only by
so it does seem atleast 2 people agree that AUTHPRIV stuff goes to
secure which is where trusted admins can look rather than pimply faced
> but the messages end up in the messages file
> and i want them to go to the secure file as they did in snort 1.7.
Chris Green <cmg at ...671...>
To err is human, to moo bovine.
More information about the Snort-users