[Snort-users] Logging acts strange in 1.8.3

John Sage jsage at ...2022...
Mon Mar 18 10:37:12 EST 2002


Kai:

For snort 1.8.2 build 86, at least, I have alerts going both to
syslog/logcheck and alert logging in /var/log/snort

Command line:

snort182 -b -i ppp0 -o -c /usr/local/snort-1.8.2/snort182.conf


Relevant lines in snort.conf:

<snip>
# alert_syslog: log alerts to syslog
# ----------------------------------
# Use one or more syslog facilities as arguments
#
# output alert_syslog: LOG_AUTH LOG_ALERT
output alert_syslog: LOG_DAEMON LOG_ALERT
# as from RELEASE 

# -------------------------------------------------
# output alert_full
output alert_full: /var/log/snort/alert182.full
# as from RELEASE
#
# attempt in snort182.conf for snort 1.8.2 11/25/01 - works ;-)
# attempt in snort18REL.conf for snort 1.8.1-RELEASE
# wasn't shown originally: works as from 1.7

<snip>

Note that the last syntax seems to have been dropped (if memory
serves me..) from the more recent snort.conf files, but I'm still
using the syntax given in snort 1.7 and it still works..


HTH..

- John
-- 
Most people don't type their own logfiles;  but, what do I care?



On Mon, Mar 18, 2002 at 05:05:18PM +0100, kai.hanisch at ...2897... wrote:
> 
> Thanks for the quick help, I had hoped that the -s switch would turn on
> logging to syslog in addition to the normal ASCII alert file. I would like
> to send alerts as mail (syslog->logcheck) but have them collected in html
> (SnortSnarf) as well. Is there any chance of doing so?
> 
> Regards
> 
> Kai



