[Snort-users] Setting up snort to syslog different priorities
Erek Adams
erek at ...950...
Tue Apr 29 09:59:04 EDT 2003
On Tue, 29 Apr 2003, Jason A. Kates wrote:
> What I am looking to do is to have snort do remote logging via syslog.
>
> Currently all of the syslog messages received from my snort
> installation are being logged with a syslog level of info.
>
> I would like to map the snort Priorities to syslog levels and I don't
> seem to see how to do it.
>
> I would like to be able to set up a mapping such as:
> snort priority: 1 to syslog level err
> snort priority: 2 to syslog level warning
> snort priority: 3 to syslog level notice
>
>
> If my configurations or startup script would be of any use please let me
> know.

You might want to use syslog-ng [0]. You can build regex syslog configs.
That would allow you to send p2 alerts to warning, and so on.

Cheers!

-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
[0] http://www.balabit.com/products/syslog_ng/
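
The regex-based mapping suggested above, as an added example that is not part of the original post: a small Python filter (not syslog-ng configuration) that reads the `[Priority: N]` tag in a Snort syslog alert and rewrites the syslog PRI header to the severities asked for in the question, keeping the facility. The sample lines, host name and rule text are constructed, and the `<38>` (auth.info) starting value is an assumption.

```python
import re

# Syslog severity codes, and the Snort priority -> severity mapping
# requested in the question (1 -> err, 2 -> warning, 3 -> notice).
SEVERITY = {"err": 3, "warning": 4, "notice": 5}
PRIORITY_TO_SEVERITY = {1: "err", 2: "warning", 3: "notice"}

PRI_RE = re.compile(r"^<(\d{1,3})>")                  # leading <PRI> header
SNORT_PRIORITY_RE = re.compile(r"\[Priority: (\d+)\]")  # tag in Snort alerts


def remap(line):
    """Return (line with rewritten PRI, severity name).

    Lines without a valid PRI header, without a Snort priority tag, or with
    an unmapped priority are returned unchanged with severity None.
    """
    pri = PRI_RE.match(line)
    tag = SNORT_PRIORITY_RE.search(line)
    if not pri or not tag:
        return line, None
    value = int(pri.group(1))
    name = PRIORITY_TO_SEVERITY.get(int(tag.group(1)))
    if value > 191 or name is None:   # 191 = highest PRI (facility 23, sev 7)
        return line, None
    facility = value >> 3             # PRI = facility * 8 + severity
    new_pri = (facility << 3) | SEVERITY[name]
    return "<%d>%s" % (new_pri, line[pri.end():]), name


# Constructed sample messages (assumption: sensor logs as auth.info = <38>).
SAMPLES = [
    "<38>Apr 29 09:59:04 sensor snort: [1:1000001:1] Constructed rule A "
    "[Classification: Example] [Priority: 1]: {TCP} 192.0.2.10:4321 -> 192.0.2.20:80",
    "<38>Apr 29 09:59:05 sensor snort: [1:1000002:1] Constructed rule B "
    "[Classification: Example] [Priority: 2]: {UDP} 192.0.2.10:53 -> 192.0.2.20:53",
    "<38>Apr 29 09:59:06 sensor snort: [1:1000003:1] Constructed rule C "
    "[Classification: Example] [Priority: 3]: {ICMP} 192.0.2.10 -> 192.0.2.20",
    "<38>Apr 29 09:59:07 sensor sshd[411]: constructed non-Snort message",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        rewritten, severity = remap(sample)
        print(severity, rewritten)
```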