[Snort-users] output alert_syslog

Giovanni P. Tirloni gpt at ...8000...
Tue Jan 14 11:06:03 EST 2003


Hi,

 I've configured snort 1.9.0 to use syslog and edited syslog.conf so it logs
 local5.alert to /var/log/snort.alert, but it's logging to that file AND
 /var/log/messages. I'd like to log to snort.alert only.
 
 Here is the relevant information:
 
 snort.conf:
 
 [...]
 output alert_syslog: LOG_LOCAL5 LOG_ALERT
 output log_unified: filename snort.log, limit 128
 [...]


 syslog.conf:
 
 *.err;*.notice;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
 security.*                                      /var/log/security
 auth.notice;auth.info;authpriv.info             /var/log/auth.log
 mail.info                                       /var/log/maillog
 cron.*                                          /var/log/cron
 *.emerg                                         *
 local5.alert                                    /var/log/snort.alert
 console.info                                    /var/log/console.log
 
 
 # ls -l /var/log/snort.alert
 -rw-r--r--  1 root  wheel  2015 Jan 14 16:45 snort.alert
 
 # ls -l /var/log/snort/
 -rw-r--r--  1 snort  snort  489509 Jan 14 16:54 scan.log
 -rw-r--r--  1 snort  snort    1119 Jan 14 16:45 snort.alert
 -rw-r--r--  1 snort  snort     452 Jan 14 12:56 snort.log.1042555093
 -rw-r--r--  1 snort  snort     514 Jan 14 12:58 snort.log.1042556289
 -rw-r--r--  1 snort  snort      24 Jan 14 16:40 snort.log.1042569610
 
 I'm running snort with this command line:
 
  /usr/local/bin/snort -D -c /usr/local/etc/snort.conf -i fxp0 -p -z -u snort \
  -g snort -m 022

 Thanks in advance (and sorry if it is obvious),
 
--
Giovanni P. Tirloni
gpt at ...8000...
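The routing described in the post can be reproduced by simulating how syslogd evaluates selector lines. This is an added example, not part of the thread or of Snort; it assumes BSD/sysklogd semantics, where a selector `facility.level` matches that level and anything more urgent, `*` means every facility, and a later selector on the same line overrides an earlier one for the same facility (which is what `local5.none` relies on). The config fragments are constructed from the poster's /var/log/messages line.

```python
import re

# Severity order from <syslog.h>: lower index = more urgent.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed syslog.conf fragments: the poster's /var/log/messages line as-is,
# and the same line with "local5.none" appended to exclude local5 from it.
ORIGINAL_CONF = """\
*.err;*.notice;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
local5.alert                                    /var/log/snort.alert
"""
FIXED_CONF = """\
*.err;*.notice;kern.debug;lpr.info;mail.crit;news.err;local5.none   /var/log/messages
local5.alert                                    /var/log/snort.alert
"""

def parse_conf(text):
    """Return (selectors, action) pairs; selectors are the ';'-separated parts."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = re.split(r"\s+", line, maxsplit=1)
        rules.append((selectors.split(";"), action))
    return rules

def line_matches(selectors, facility, priority):
    """True if a message of (facility, priority) is selected by one conf line.
    Selectors apply left to right; a later one for the same facility overrides
    an earlier one, so 'local5.none' cancels '*.err'/'*.notice' for local5."""
    level = None  # threshold currently in force for this facility
    for sel in selectors:
        fac, lvl = sel.split(".", 1)
        if fac in ("*", facility):
            level = lvl
    if level is None or level == "none":
        return False
    # 'fac.lvl' matches priority lvl and anything more urgent than it.
    return PRIORITIES.index(priority) <= PRIORITIES.index(level)

def destinations(conf_text, facility, priority):
    """Every log target a message of (facility, priority) is written to."""
    return [action for sels, action in parse_conf(conf_text)
            if line_matches(sels, facility, priority)]

if __name__ == "__main__":
    print(destinations(ORIGINAL_CONF, "local5", "alert"))  # ['/var/log/messages', '/var/log/snort.alert']
    print(destinations(FIXED_CONF, "local5", "alert"))     # ['/var/log/snort.alert']
```

With the original line, `*.notice` already covers local5 at alert level, which is why the alerts land in both files; the `local5.none` selector on the messages line is what keeps them in snort.alert only.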