[Snort-users] Setting up snort to syslog different priorities

Erek Adams erek at ...950...
Tue Apr 29 09:59:04 EDT 2003


On Tue, 29 Apr 2003, Jason A. Kates wrote:

> What I am looking to do is to have snort do remote logging via syslog.
>
> Currently all of the syslog messages received from my snort
> installation are being logged with a syslog level of info.
>
> I would like to map the snort Priorities to syslog levels and I don't
> seem to see how to do it.
>
> I would like to be able to set up a mapping such as:
> snort priority: 1  to syslog level err
> snort priority: 2  to syslog level warning
> snort priority: 3  to syslog level notice
>
>
> If my configurations or startup script would be of any use please let me
> know.

You might want to use syslog-ng [0].  You can build regex syslog configs.
That would allow you to send p2 alerts to warning, and so on.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]	http://www.balabit.com/products/syslog_ng/
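
The regex-based mapping suggested in the reply, sketched in Python rather than as a syslog-ng configuration. This is an added example, not part of the original message; the function names and sample lines are constructed, and the alerts are assumed to arrive as BSD-style syslog lines tagged `snort`.

```python
import re

# Syslog severity codes (RFC 3164).
SEVERITY = {"err": 3, "warning": 4, "notice": 5, "info": 6}
# The mapping asked for in the question; other priorities stay at "info".
SNORT_TO_LEVEL = {1: "err", 2: "warning", 3: "notice"}

# <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ )"
    r"(\S+?)(?:\[\d+\])?: (.*)$"
)
PRIORITY_RE = re.compile(r"\[Priority: (\d+)\]")


def snort_level(line):
    """Return the syslog level name for a Snort alert line, else None."""
    m = LINE_RE.match(line)
    # Trust only the tag field, so a line from another program that merely
    # quotes alert text is never promoted to a higher level.
    if m is None or m.group(3) != "snort":
        return None
    p = PRIORITY_RE.search(m.group(4))
    if p is None:
        return None
    return SNORT_TO_LEVEL.get(int(p.group(1)), "info")


def remap(line):
    """Rewrite the PRI field of a Snort alert, keeping its facility."""
    level = snort_level(line)
    if level is None:
        return line  # not a Snort alert: pass through unchanged
    facility = int(LINE_RE.match(line).group(1)) >> 3
    new_pri = (facility << 3) | SEVERITY[level]
    return "<%d>%s" % (new_pri, line[line.index(">") + 1:])


# Constructed sample lines, all sent as auth.info (<38>); not real sensor data.
SAMPLES = [
    "<38>Apr 29 09:59:04 sensor1 snort: [1:1000001:1] Constructed alert A [Classification: Misc activity] [Priority: 1]: {TCP} 192.0.2.10:1025 -> 192.0.2.20:80",
    "<38>Apr 29 09:59:05 sensor1 snort: [1:1000002:1] Constructed alert B [Classification: Misc activity] [Priority: 2]: {ICMP} 192.0.2.10 -> 192.0.2.20",
    "<38>Apr 29 09:59:06 sensor1 snort: [1:1000003:1] Constructed alert C [Classification: Misc activity] [Priority: 3]: {UDP} 192.0.2.10:53 -> 192.0.2.20:53",
    "<38>Apr 29 09:59:07 sensor1 sshd[411]: note: snort: [Priority: 1]: quoted text",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(remap(sample))
```
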



