[Snort-users] logging to syslog

Madhav Diwan mdiwan at ...200...
Wed Feb 20 10:34:06 EST 2002


Thank you. That works quite well.

Madhav



On Wed, 2002-02-20 at 11:14, Chris Green wrote:

Madhav Diwan <mdiwan at ...200...> writes:

> Is there a way to log alerts to the /var/log/secure file instead of the
> /var/log/messages file?
>
>  I am using redhat 7.2  snort 1.8.3-5
> and the following commandline in /etc/init.d/snortd:
>
>       daemon /usr/sbin/snort -l /var/log/snort -d -D \
>                -i $INTERFACE -c /etc/snort/snort.conf
>
>  /etc/snort/snort.conf is configured to log to syslog
>
>  output alert_syslog: LOG_AUTH LOG_ALERT
>

rh 7.2 syslog.conf:
# The authpriv file has restricted access.
authpriv.*                     /var/log/secure

try:
output alert_syslog: LOG_AUTHPRIV LOG_ALERT

according to rh 7.2 syslog(3),

 LOG_AUTH
        security/authorization messages (DEPRECATED Use LOG_AUTHPRIV instead)

 LOG_AUTHPRIV
              security/authorization messages (private)



obsd 3.0's

LOG_AUTH      The authorization system: login(1), su(1), getty(8), etc.

LOG_AUTHPRIV  The same as LOG_AUTH, but logged to a file readable only by
              selected individuals.

so it does seem at least 2 people agree that AUTHPRIV stuff goes to
secure which is where trusted admins can look rather than pimply faced
youths.

> but the messages end up in the messages file
> and I want them to go to the secure file as they did in snort 1.7.
>--
Chris Green <cmg at ...671...>
To err is human, to moo bovine.
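
Added example, not part of the original thread: a minimal sysklogd-style selector matcher showing why an alert sent with facility LOG_AUTH lands in /var/log/messages while LOG_AUTHPRIV lands in /var/log/secure. The authpriv rule is the one quoted above; the /var/log/messages catch-all rule and all function names are assumptions made for the illustration.

```python
# Added example: minimal sysklogd-style selector matching (handles
# "fac.prio", "fac1,fac2.prio", "*" and "none"; not the "=" or "!" forms).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample config. The authpriv rule is the one quoted in the
# thread; the /var/log/messages rule is an assumed typical catch-all.
SAMPLE_CONF = """\
# The authpriv file has restricted access.
authpriv.*                                  /var/log/secure
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
"""

def parse_rules(conf):
    """Return [(selector_string, destination)] for each non-comment line."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, dest = line.split(None, 1)
            rules.append((selector, dest.strip()))
    return rules

def selector_matches(selector, facility, severity):
    """Apply ';'-separated parts left to right; a later part overrides."""
    matched = False
    for part in selector.split(";"):
        facs, prio = part.rsplit(".", 1)
        if "*" not in facs.split(",") and facility not in facs.split(","):
            continue
        if prio == "none":
            matched = False
        elif prio == "*":
            matched = True
        else:
            # Lower index = more severe; match at this level or worse.
            matched = SEVERITIES.index(severity) <= SEVERITIES.index(prio)
    return matched

def destinations(conf, facility, severity):
    """List every log file whose selector accepts this facility/severity."""
    return [d for s, d in parse_rules(conf) if selector_matches(s, facility, severity)]

if __name__ == "__main__":
    # Snort's alert_syslog facility options mapped to syslog.conf names.
    for opt, fac in (("LOG_AUTH", "auth"), ("LOG_AUTHPRIV", "authpriv")):
        print(opt, "LOG_ALERT ->", destinations(SAMPLE_CONF, fac, "alert"))
```

On a live host the same check can be made by sending a test message at the chosen facility and priority and confirming which file receives it.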




