[Snort-users] A little Off Topic : syslog configuration

Jyri Hovila jyri.hovila at ...2940...
Tue Sep 16 12:48:04 EDT 2003


Hi!

DM> How would one configure syslog.conf to force all
DM> messages coming from say host1 into a particular file ex. /var/log/host1.log

What I did was that I replaced syslog with syslog-ng. First of all that
enables you to send syslog events to a central server via TCP instead of
UDP. If you wish you can easily wrap the traffic into an SSL tunnel with
stunnel. And it's a piece of cake to divide Snort logs into separate
directories based on hosts. I started using syslog-ng a couple of months
ago and I'm definitely going to stick with it. =)

Check out http://www.campin.net/syslog-ng/expanded-syslog-ng.conf for an
example. Look for line "#  Special catch all destination sorting by
host".

- Jyri
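As an added example (not from Jyri's post or from the campin.net file he links), here is the shape of a syslog-ng.conf on the central log host that does what the post describes: accept events from the sensors over TCP and write each sending host's messages to its own file, with Snort alerts additionally split out by host and day. The listening address, port, paths, and group name are assumptions.

```conf
# syslog-ng.conf on the central log host (added example; addresses, port and paths are assumed)

options {
    # Trust the hostname the sensor put in the message rather than a reverse
    # DNS lookup, so $HOST is stable and cannot be steered by the resolver.
    use_dns(no);
    keep_hostname(yes);
    chain_hostnames(no);
    # Let the file() destinations create the per-host directories.
    create_dirs(yes);
};

# Messages from the log host itself
source s_local {
    internal();
    unix-stream("/dev/log");
};

# Sensors forward over TCP on port 514 (assumed); bind only to the internal
# address. If stunnel terminates the SSL tunnel, bind to 127.0.0.1 instead and
# let stunnel connect here.
source s_sensors {
    tcp(ip(192.0.2.10) port(514) max_connections(50));
};

# One file per originating host, e.g. /var/log/hosts/host1/host1.log
destination d_by_host {
    file("/var/log/hosts/$HOST/$HOST.log"
         owner(root) group(adm) perm(0640) dir_perm(0750));
};

# Snort alerts only, in a separate tree split by host and day
filter f_snort { program("snort"); };
destination d_snort_by_host {
    file("/var/log/snort/$HOST/$YEAR-$MONTH-$DAY.log"
         owner(root) group(adm) perm(0640) dir_perm(0750));
};

log { source(s_sensors); destination(d_by_host); };
log { source(s_sensors); filter(f_snort); destination(d_snort_by_host); };
log { source(s_local);   destination(d_by_host); };
```

The `$HOST` macro in the destination path is what gives the per-host split that the post's "catch all destination sorting by host" refers to; with `keep_hostname(yes)` and `use_dns(no)` the directory name comes from the message itself, so every sensor's name should be set consistently on the sensor side.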
