[Snort-users] Problems logging to syslog and mysql simultaneously

dlpassport at ...6137... dlpassport at ...6137...
Thu Jun 20 05:26:03 EDT 2002

Per our discussion yesterday, I am still having similar problems.  I am
unable to log to a local syslog without a command line switch.

The -s x.x.x.x:xxx does work on Win32... but when using this option, all
other outputs are disabled.  Even with the

output alert_syslog: LOG_AUTH LOG_ALERT

output alert_full

in my snort.conf, I am still experiencing the problem.  Does anyone have a
snort.conf that works?  Is there any "order of operations" or sequence with
the conf options?

Also.. Michael... the Kiwi syslog server does RegExp checking and can run an
executable based on a RegExp match.  Have this trip a batch file which calls
Blat to send an e-mail.  This should work well for you.  Not as clean as
swatch, but it works.

Thanks... DL

-----Original Message-----

From: Steven Williams [mailto:Steven.Williams at ...4864...]

Sent: Wednesday, June 19, 2002 9:33 PM

To: 'snort-users at lists.sourceforge.net'

Subject: [Snort-users] RE: Problems logging to syslog and mysql

I've had exactly the same problem with my setup.

I can get snort to log to either Syslog locally or remotely, but not at the
same time as logging to the remote database.

I've tried both the -s options on the command line, and also Michaels
suggestions within snort.conf, but it will only let me have one or the
other, and the -s option does turn on or off the syslog option. Changing any
parameters with snort.conf don't seem to make any difference.

This is with snort 1.8.7-MySQL-Win32 Build 121 on W2K Server, using Kiwi
Syslog Server Ver 6.4.9. I am logging remotely to another W2K server also
running the same version of Kiwi and MySql 3.23.40.



This email and any files transmitted with it are solely intended for the use
of the

addressee(s) and may contain information that is confidential and
privileged. If you receive this email in error, please advise us by return
email immediately. Please also disregard the contents of the email, delete
it and destroy any copies immediately. Computershare Limited and its
subsidiaries do not accept liability for the views expressed in the email or
for the consequences of any computer viruses that may be transmitted with
this email

This email is also subject to copyright. No part of it should be reproduced,
adapted or

transmitted without the written consent of the copyright owner.


Bringing you mounds of caffeinated joy

>>> http://thinkgeek.com/sf <<<


Snort-users mailing list

Snort-users at lists.sourceforge.net

Go to this URL to change user options or unsubscribe:

Snort-users list archive:

More information about the Snort-users mailing list