[Snort-users] Remote Syslog
radamson at ...2127...
Fri May 10 06:03:03 EDT 2002
Be aware that most Unix systems only forward syslog messages that were
generated internally by that particular Unix system using the method below.
If a syslog message arrives at this Unix system from another remote source,
this mechanism will not forward those messages.
> In your /etc/syslog.conf file, use the @ symbol to direct the syslog to a
> remote machine.
> I believe the line to add in syslog.conf is:
> local1.alert @x.x.x.x
> This will send all alerts to your remote syslog. It must match your
> output alert line in snort.conf:
> output alert_syslog: LOG_LOCAL1 LOG_ALERT
> Your remote syslog server will need to have the appropriate settings
> installed in your syslog.conf.
> local1.alert /var/log/snort
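
A check for the receiving side, added here as an example and not part of the original thread: it decodes the priority value at the front of a syslog datagram and tests it against a classic `facility.level` selector, to confirm that alerts emitted with `LOG_LOCAL1 LOG_ALERT` would be written by the server's rule. The sample datagrams and function names are constructed for illustration; `=`/`!` modifiers and selector lists are not handled.

```python
import re

# Facility codes 0-23; 12-15 vary by platform, so they get neutral names here.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "f12", "f13", "f14", "f15"] + \
             [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample datagrams (not captured traffic).
# 137 = 17 (local1) * 8 + 1 (alert), what LOG_LOCAL1 LOG_ALERT produces.
SNORT_ALERT = b"<137>snort: [1:1000001:1] constructed test alert {TCP} 192.0.2.10:1025 -> 192.0.2.20:80"
DAEMON_INFO = b"<30>named[411]: constructed daemon.info message"


def decode_pri(datagram: bytes) -> tuple[str, str]:
    """Return (facility, severity) names from the leading <PRI> field."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def selector_matches(selector: str, facility: str, severity: str) -> bool:
    """Classic syslog.conf semantics: the level and anything more severe."""
    sel_fac, _, sel_lvl = selector.partition(".")
    if sel_fac not in ("*", facility) or sel_lvl == "none":
        return False
    if sel_lvl == "*":
        return True
    # Lower index means more severe (emerg = 0).
    return SEVERITIES.index(severity) <= SEVERITIES.index(sel_lvl)


def would_log(selector: str, datagram: bytes) -> bool:
    """True if a rule with this selector would act on the datagram."""
    return selector_matches(selector, *decode_pri(datagram))


if __name__ == "__main__":
    for sel in ("local1.alert", "local1.*", "local1.emerg", "local2.*"):
        print(sel, would_log(sel, SNORT_ALERT), would_log(sel, DAEMON_INFO))
```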