[Snort-users] Remote Syslog

Rich Adamson radamson at ...2127...
Fri May 10 06:03:03 EDT 2002


Be aware that most Unix systems only forward syslog messages that were
generated internally by that particular Unix system using the method below. 
If a syslog message arrives at this Unix system from another remote source, 
this mechanism will not forward those messages.

------------------------
> In your etc/syslog.conf file use the @ symbol to direct the syslog to a
> remote machine.
> 
> I believe the line to add in syslog.conf is:
> 
> LOG_LOCAL1		@x.x.x.x
> 
> This will send all alerts to your remote syslog. It must match your
> output alert line in snort.conf:
> 
> output alert_syslog: LOG_LOCAL1 LOG_ALERT
> 
> Your remote syslog server will need to have the appropriate settings
> installed in your syslog.conf.
> 
> LOG_LOCAL1		/var/log/snort
> 
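A check for the "must match" requirement in the thread above, as an added example that is not part of the original posts: it reads the `output alert_syslog:` line from snort.conf and lists the `@host` actions in the sensor's syslog.conf that would actually forward that facility and priority. It assumes classic syslog.conf selector syntax (lowercase `facility.priority`, such as `local1.alert`, matching that priority and anything more severe); the function names and sample files are constructed for illustration.

```python
import re

# RFC 3164 numbering: the PRI on the wire is facility * 8 + severity.
FACILITIES = {n: i for i, n in enumerate(
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split())}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})
SEVERITIES = {n: i for i, n in enumerate("emerg alert crit err warning notice info debug".split())}

def snort_syslog_target(snort_conf):
    """Return (facility, severity) from the 'output alert_syslog:' line, or None."""
    m = re.search(r"^\s*output\s+alert_syslog:\s*(.*)$", snort_conf, re.M)
    if not m:
        return None
    words = [w[4:].lower() for w in m.group(1).split() if w.upper().startswith("LOG_")]
    fac = [w for w in words if w in FACILITIES]
    sev = [w for w in words if w in SEVERITIES]
    return (fac[0], sev[0]) if fac and sev else None

def pri_value(fac, sev):
    return FACILITIES[fac] * 8 + SEVERITIES[sev]

def selector_matches(selector, fac, sev):
    """'fac.pri' matches that priority and anything more severe; 'none' excludes."""
    matched = False
    for part in selector.split(";"):
        facs, _, pri = part.strip().lower().partition(".")
        if not {"*", fac} & set(facs.split(",")):
            continue  # this part of the selector is about another facility
        if pri == "none":
            matched = False
        elif pri == "*" or SEVERITIES.get(pri, -1) >= SEVERITIES[sev]:
            matched = True
    return matched

def remote_targets(syslog_conf, fac, sev):
    """Hosts that (fac, sev) messages are forwarded to through '@host' actions."""
    hosts = []
    for line in syslog_conf.splitlines():
        fields = line.strip().split(None, 1)
        if (len(fields) == 2 and not fields[0].startswith("#")
                and fields[1].startswith("@") and selector_matches(fields[0], fac, sev)):
            hosts.append(fields[1][1:].strip())
    return hosts

# Constructed samples; 192.0.2.10 is a documentation address standing in for x.x.x.x.
SNORT_CONF = "output alert_syslog: LOG_LOCAL1 LOG_ALERT\n"
GOOD_CONF = "# sensor\n*.info;local1.none\t/var/log/messages\nlocal1.alert\t@192.0.2.10\n"
BAD_CONF = "local2.*\t@192.0.2.10\nlocal1.emerg\t@192.0.2.10\n"
```

An empty result from `remote_targets` means the sensor's syslogd has no forwarding rule covering the alerts Snort emits; `pri_value` gives the number to look for in the `<...>` prefix of the forwarded datagrams.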






