[Snort-users] Syslog-ng _and_ Mysql with Snort 2.0.0

Thomas Bechtold thomas at ...9508...
Thu Jun 19 06:46:01 EDT 2003


I have now tested Snort with the following command-line options:
snort -i eth0 -U -o -c /etc/snort/conf/snort.eth0.conf -D

In my snort.eth0.conf file is the following line:
output alert_syslog: LOG_AUTH LOG_ALERT
I commented out the line with mysql, so now I only want to log to syslog-ng.
I think the problem is syslog, because mysql without syslog works. Mysql
_and_ syslog, or only syslog, doesn't work.

Syslog-ng is up and running, but it doesn't log.
Here is my syslog-ng Config-File:
<--------------------------------
source src {
	internal();
	unix-dgram("/dev/log");
}

//For testing log to localhost, later to remote Machine
destination localhost {
	file("/var/log/snortlog.all");
};
//Logging
log {
	source(src); destination(localhost);
};
------------------------------->

So does anyone have answers to my question of why syslog doesn't work?

Thomas Bechtold



> > On Thu, 19 Jun 2003, Thomas Bechtold wrote:
> > I start Snort in Chroot-jail and with the Parameter '-s' for Syslog.
> > In my snort.eth0.conf are the following lines:
> > output database: alert, mysql, user=xxx password=xxx dbname=snort_log
> > output alert_syslog: LOG_AUTH LOG_ALERT
>
> Maybe -s on the command line overrides all other output options declared in
> snort.conf.
> Remove -s from the command line and keep the two output lines in snort.conf.
>
> Does it work? (I don't know, I'm guessing)
>
> /Martin
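
One way to test the syslog-ng side of this setup without Snort, as an added example that is not part of the original post: it sends one auth.alert datagram (the LOG_AUTH LOG_ALERT pair from the output line) to the unix-dgram socket and checks whether a socket also exists at dev/log under a chroot directory, which is where a chrooted process resolves /dev/log. The function names, the "snort" tag, the message text and the jail path are assumptions made for illustration.

```python
import os
import socket
import stat

LOG_AUTH = 4    # facility code from <syslog.h>
LOG_ALERT = 1   # severity code from <syslog.h>


def syslog_pri(facility, severity):
    """PRI value that prefixes every syslog frame: facility * 8 + severity."""
    return facility * 8 + severity


def socket_problem(path):
    """Return None if `path` is a Unix socket, otherwise a short reason string."""
    try:
        mode = os.stat(path).st_mode
    except OSError as exc:
        return f"{path}: {exc.strerror}"
    if not stat.S_ISSOCK(mode):
        return f"{path}: exists but is not a socket"
    return None


def path_in_jail(jail_dir, path="/dev/log"):
    """Where a chrooted process actually looks when it opens `path`."""
    return os.path.join(jail_dir, path.lstrip("/"))


def send_test_alert(path="/dev/log", tag="snort", text="syslog path test"):
    """Send one auth.alert datagram to `path`; return the bytes that were sent."""
    problem = socket_problem(path)
    if problem:
        raise RuntimeError(problem)
    # Minimal frame; the C library's syslog() also adds a timestamp after <PRI>.
    frame = f"<{syslog_pri(LOG_AUTH, LOG_ALERT)}>{tag}: {text}".encode()
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.connect(path)
        sock.send(frame)
    return frame


if __name__ == "__main__":
    jail = "/path/to/snort-jail"  # placeholder: the post does not give the jail path
    for candidate in ("/dev/log", path_in_jail(jail)):
        print(candidate, "->", socket_problem(candidate) or "socket present")
    if socket_problem("/dev/log") is None:
        print("sent:", send_test_alert())  # then look in /var/log/snortlog.all
```

If the test line reaches /var/log/snortlog.all, the source, destination and log statements work and the remaining question is whether Snort can reach the socket from where it runs.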




