[Snort-users] Setting up snort to syslog different priorities

Erek Adams erek at ...950...
Tue Apr 29 09:59:04 EDT 2003

On Tue, 29 Apr 2003, Jason A. Kates wrote:

> What I am looking to do is to have snort do remote logging via syslog.
> Currently all of the syslog messages received from my snort
> installation are being logged with a syslog level of info.
> I would like to map the snort Priorities to syslog levels and I don't
> seem to see how to do it.
> I would like to be able to set up a mapping such as:
> snort priority: 1  to syslog level err
> snort priority: 2  to syslog level warning
> snort priority: 3  to syslog level notice
> If my configurations or startup script would be of any use please let me
> know.

You might want to use syslog-ng [0].  You can build regex syslog configs.
That would allow you to send p2 alerts to warning, and so on.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://www.balabit.com/products/syslog_ng/
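
An added example, not part of the original post: the regex-based mapping discussed above, sketched in Python rather than as syslog-ng configuration. It assumes Snort's syslog alerts carry the usual `[Priority: N]` tag; the sample lines, host name and function names are constructed for illustration.

```python
import re

# Standard syslog severity names, indexed by severity number.
SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")

# Mapping requested in the question: Snort priority -> syslog level.
SNORT_TO_LEVEL = {1: "err", 2: "warning", 3: "notice"}

PRI_RE = re.compile(r"^<(\d{1,3})>")               # syslog <PRI> header
SNORT_PRIO_RE = re.compile(r"\[Priority: (\d+)\]")  # tag in Snort alerts


def remap(line):
    """Return (level_name, rewritten_line) for one raw syslog line.

    The facility is preserved; only the severity is replaced, and only
    when the line carries a Snort priority listed in SNORT_TO_LEVEL.
    """
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog <PRI> header")
    facility, severity = divmod(int(m.group(1)), 8)
    tag = SNORT_PRIO_RE.search(line)
    if tag:
        level = SNORT_TO_LEVEL.get(int(tag.group(1)))
        if level is not None:  # unmapped priorities keep their severity
            severity = SEVERITIES.index(level)
    return SEVERITIES[severity], "<%d>%s" % (facility * 8 + severity,
                                             line[m.end():])


# Constructed sample input: auth.info (<38>) lines as a relay would see them.
SAMPLES = [
    "<38>Apr 29 09:59:04 sensor1 snort[812]: [1:1000001:1] Sample alert A "
    "[Classification: Misc Attack] [Priority: 1]: {TCP} "
    "192.0.2.10:4321 -> 192.0.2.20:80",
    "<38>Apr 29 09:59:05 sensor1 snort[812]: [1:1000002:1] Sample alert B "
    "[Classification: Misc activity] [Priority: 3]: {ICMP} "
    "192.0.2.10 -> 192.0.2.20",
    "<38>Apr 29 09:59:06 sensor1 sshd[901]: session opened (not a Snort line)",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(remap(raw))
```
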
