[Snort-users] Logging to Both Syslog and MySql

twig les twigles at ...131...
Thu Sep 19 11:22:04 EDT 2002

My syslog info in snort.conf looks like this (we
customized the facilities):

output alert_syslog: LOG_LOCAL2 LOG_ALERT

My /etc/syslog.conf has this line:
local2.alert                  @loghost

My /etc/hosts file has this line:                       loghost

Setting the loghost in syslog.conf is the proper way
to set this up on a *nix box; you don't have to bounce
syslog when the loghost changes.  As for how to set up
syslog in windows, your guess is as good as mine.  I
just wanted to get this answered for the *nix googlers
because this question seems to pop up once every two
months.  Sorry I couldn't be more helpful to you.  Oh
yeah, I *don't* use the "-s" switch to start snort.

--- doswald at ...6357... wrote:
> I know this subject has been covered before. I have
> tried to do my homework
> by searching the archives but I still don't seem to
> be able to find the
> answer to this issue.
> I am running the 1.8 version of snort on Windows
> 2000 server and I am
> trying to log both to a remote MySQL database and a
> remote syslog server
> with the following config in my snort.conf file
> output alert_syslog: LOG_AUTH LOG_ALERT
> host=
> output database: log, mysql, user=snort
> password=snort dbname=snort
> host= sensor_name=ids1
>  I do get information in database but not my syslog
> server, what am I
> missing ? Is this possible ?
> Thanks for any help in advance
> Dave

Heavy metal made me do it.                        
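
Added example (not part of the original message): a small checker for the setup described in the reply, confirming that the facility and priority Snort logs with are matched by a syslog.conf rule that forwards to a remote host. The function names and sample inputs are hypothetical, only classic syslog.conf selectors are handled (facility lists, "*", "none", level-or-more-severe), and LOG_AUTH/LOG_ALERT are assumed as Snort's defaults when a token is omitted.

```python
import re

# Severity names, most severe first; a syslog.conf selector "fac.level"
# matches that level and every more severe one.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
SNORT_FLAGS = {"cons", "ndelay", "perror", "pid"}  # alert_syslog options, not routing

def snort_syslog_target(snort_conf):
    """(facility, level) of the first 'output alert_syslog:' line, or None."""
    for line in snort_conf.splitlines():
        m = re.match(r"\s*output\s+alert_syslog:(.*)", line)
        if not m:
            continue
        facility, level = "auth", "alert"  # assumed defaults when omitted
        for tok in (t[4:].lower() for t in m.group(1).split() if t.startswith("LOG_")):
            if tok in LEVELS:
                level = tok
            elif tok not in SNORT_FLAGS:
                facility = tok
        return facility, level
    return None

def forwarding_hosts(syslog_conf, facility, level):
    """Hosts that classic syslog.conf rules forward (facility, level) to."""
    hosts = []
    for line in syslog_conf.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or not parts[1].startswith("@"):
            continue  # not a remote-forwarding rule
        matched = False
        for sel in parts[0].split(";"):  # later selectors override earlier ones
            facs, _, lvl = sel.partition(".")
            if not {"*", facility} & set(facs.split(",")):
                continue
            if lvl == "none":
                matched = False
            elif lvl == "*" or (lvl in LEVELS and LEVELS.index(level) <= LEVELS.index(lvl)):
                matched = True
        if matched:
            hosts.append(parts[1][1:].strip())
    return hosts

def remote_targets(snort_conf, syslog_conf):
    # Empty list means Snort's alerts never leave the box via syslog.
    target = snort_syslog_target(snort_conf)
    return forwarding_hosts(syslog_conf, *target) if target else []

# Constructed sample inputs mirroring the lines quoted in the reply.
SNORT_CONF = "output alert_syslog: LOG_LOCAL2 LOG_ALERT\n"
SYSLOG_CONF = "*.info;local2.none\t/var/log/messages\nlocal2.alert\t@loghost\n"
```

An empty result from remote_targets() means no forwarding rule matches the facility and priority Snort was configured with.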
