[Snort-users] logging to syslog

Madhav Diwan mdiwan at ...200...
Wed Feb 20 10:34:06 EST 2002

Thank you .. That works quite well.


On Wed, 2002-02-20 at 11:14, Chris Green wrote:

Madhav Diwan <mdiwan at ...200...> writes:

> Is there a way to log alerts to the /var/log/secure file instead of
> /var/log/messages file?
>  I am using redhat 7.2  snort 1.8.3-5
> and the following commandline in /etc/init.d/snortd:
>       daemon /usr/sbin/snort -l /var/log/snort -d -D \
>                -i $INTERFACE -c /etc/snort/snort.conf
>  /etc/snort/snort.conf is configured to log to syslog
>  output alert_syslog: LOG_AUTH LOG_ALERT

rh 7.2 syslog.conf:
# The authpriv file has restricted access.
authpriv.*                     /var/log/secure

output alert_syslog: LOG_AUTHPRIV LOG_ALERT

according to rh 7.2 syslog(3),

        security/authorization messages (DEPRECATED Use LOG_AUTHPRIV

              security/authorization messages (private)

obsd 3.0's

LOG_AUTH      The authorization system: login(1), su(1), getty(8), etc.

LOG_AUTHPRIV  The same as LOG_AUTH, but logged to a file readable only
              selected individuals.

so it does seem at least 2 people agree that AUTHPRIV stuff goes to
secure which is where trusted admins can look rather than pimply faced

> but the messages end up in the messages file
> and I want them to go to the secure file as they did in snort 1.7.
Chris Green <cmg at ...671...>
To err is human, to moo bovine.
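
Added example, not part of the original messages and not Snort or syslogd code: a small resolver showing why the LOG_AUTH alerts landed in /var/log/messages while LOG_AUTHPRIV alerts land in /var/log/secure. The authpriv line is the one quoted in the thread; the /var/log/messages line, the simplified selector rules, and the names selector_matches and destinations are assumptions made for illustration.

```python
# Added example: which files does a syslog.conf send a Snort syslog alert to?
# Simplified sysklogd-style matching (assumption): a plain selector matches
# its priority and higher, "*" matches all, "none" excludes the facility.
SEVERITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
FACILITIES = {"auth", "authpriv", "daemon", "user"} | {f"local{n}" for n in range(8)}

# Constructed sample. The authpriv line is quoted in the thread; the
# /var/log/messages line is an assumed Red Hat-style default.
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none          /var/log/messages
# The authpriv file has restricted access.
authpriv.*                              /var/log/secure
"""


def selector_matches(selectors, facility, severity):
    """Evaluate ';'-separated selectors left to right for one message."""
    matched = False
    for sel in selectors.split(";"):
        facs, _, prio = sel.strip().rpartition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue  # selector does not name this facility
        if prio == "none":
            matched = False
        elif prio == "*":
            matched = True
        else:
            matched = matched or SEVERITIES.index(severity) >= SEVERITIES.index(prio)
    return matched


def destinations(snort_output, conf=SAMPLE_CONF):
    """Map e.g. 'output alert_syslog: LOG_AUTH LOG_ALERT' to log files."""
    opts = [o[4:].lower() for o in snort_output.split(":", 1)[1].split()]
    facility = next(o for o in opts if o in FACILITIES)
    severity = next(o for o in opts if o in SEVERITIES)
    files = []
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        if selector_matches(selectors, facility, severity):
            files.append(action.strip())
    return files


if __name__ == "__main__":
    for out in ("output alert_syslog: LOG_AUTH LOG_ALERT",
                "output alert_syslog: LOG_AUTHPRIV LOG_ALERT"):
        print(out, "->", destinations(out))
```

With the sample configuration, the authpriv.none selector is what keeps AUTHPRIV alerts out of the world-readable messages file; a LOG_AUTH alert is caught only by the *.info wildcard.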
