[Snort-users] Logging to Both Syslog and MySql

twig les twigles at ...131...
Thu Sep 19 11:22:04 EDT 2002


My syslog info in snort.conf looks like this (we
customized the facilities):

output alert_syslog: LOG_LOCAL2 LOG_ALERT

My /etc/syslog.conf has this line:
local2.alert                  @loghost

My /etc/hosts file has this line:
1.1.1.1                       loghost

Setting the loghost in syslog.conf is the proper way
to set this up on a *nix box; you don't have to bounce
syslog when the loghost changes.  As for how to set up
syslog in windows, your guess is as good as mine.  I
just wanted to get this answered for the *nix googlers
because this question seems to pop up once every two
months.  Sorry I couldn't be more helpful to you.  Oh
yeah, I *don't* use the "-s" switch to start snort.


--- doswald at ...6357... wrote:
> I know this subject has been covered before. I have
> tried to do my homework
> by searching the archives but I still don't seem to
> be able to find the
> answer to this issue.
> 
> I am running the 1.8 version of snort on Windows
> 2000 server and I am
> trying to log both to a remote MySQL database and a
> remote syslog server
> with the following config in my snort.conf file
> 
> output alert_syslog: LOG_AUTH LOG_ALERT
> host=172.16.9.38
> 
> output database: log, mysql, user=snort
> password=snort dbname=snort
> host=172.16.9.38 sensor_name=ids1
> 
> I do get information in database but not my syslog
> server, what am I
> missing? Is this possible?
> 
> Thanks for any help in advance
> 
> Dave


=====
-----------------------------------------------------------
Heavy metal made me do it.                        
-----------------------------------------------------------
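A way to check the chain described in this reply (snort.conf facility and priority, then the syslog.conf selector, then the hosts entry), as an added example that is not part of the original post. It assumes classic syslogd selector semantics (a selector matches its level and anything more severe, `none` excludes); the function names and the extra syslog.conf lines are constructed for illustration.

```python
import re

# syslog(3) levels, most to least severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {"auth", "authpriv", "daemon", "user"} | {f"local{i}" for i in range(8)}

def snort_syslog_target(snort_conf):
    """Return (facility, level) from the first 'output alert_syslog:' line, or None."""
    for line in snort_conf.splitlines():
        m = re.match(r"\s*output\s+alert_syslog:(.*)", line)
        if m:
            names = [n.lower() for n in re.findall(r"LOG_([A-Z0-9]+)", m.group(1))]
            # Fall back to Snort's documented defaults, LOG_AUTH and LOG_ALERT.
            return (next((n for n in names if n in FACILITIES), "auth"),
                    next((n for n in names if n in LEVELS), "alert"))
    return None

def actions_for(syslog_conf, facility, level):
    """Actions of every syslog.conf rule whose selector list matches facility.level."""
    hits = []
    for line in syslog_conf.splitlines():
        parts = line.split("#", 1)[0].strip().split(None, 1)
        if len(parts) != 2:
            continue
        matched = False
        for selector in parts[0].split(";"):  # later selectors override earlier ones
            facs, _, sel = selector.rpartition(".")
            if "*" not in facs.split(",") and facility not in facs.split(","):
                continue
            matched = sel != "none" and (
                sel == "*" or (sel in LEVELS and LEVELS.index(level) <= LEVELS.index(sel)))
        if matched:
            hits.append(parts[1].strip())
    return hits

def resolve_forwarders(actions, hosts_file):
    """Map each '@name' forwarding action to its hosts-file address (None if absent)."""
    table = {}
    for line in hosts_file.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name, fields[0])
    return {a[1:]: table.get(a[1:]) for a in actions if a.startswith("@")}

# Constructed sample files: the local2 and loghost lines come from the message above,
# the other lines are made up to exercise the matching rules.
SNORT_CONF = "output alert_syslog: LOG_LOCAL2 LOG_ALERT\n"
SYSLOG_CONF = ("*.info;local2.none\t/var/log/messages\n"
               "local2.alert\t@loghost\n"
               "local2.emerg\t/var/log/emerg\n")
HOSTS = "127.0.0.1 localhost\n1.1.1.1 loghost\n"
```

Running the same check with the default `auth` facility shows the alert landing only in the local file, which is the symptom to look for when the facility in snort.conf and the selector in syslog.conf disagree.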
