[Snort-users] A little Off Topic : syslog configuration

Erek Adams erek at ...950...
Wed Sep 17 05:52:05 EDT 2003

On Tue, 16 Sep 2003, Dave Morrow wrote:

> Hi all. My question is a little off topic, but hopefully someone will be
> kind enough to lend a hand.
> I am in the process of actually performing some intrusion detection, using
> Snort, ACID, etc. and am having some degree of difficulties with Syslog.
> What I would like to do is have syslog messages which originate from a
> specific host, put in a specific logfile for insertion into the snort
> database by logsnorter.  How would one configure syslog.conf to force all
> messages coming from say host1 into a particular file ex. /var/log/host1.log

Two things:

  * I don't think that 'standard' syslog (vixie style) can do that.
You'll have to move to syslog-ng or something like it.  Perhaps Metalog
(Gentoo Linux distro).
  * Dude, trim the default sig your company has!  :)  You've got 4 penalty
drinks [0] just from that!  You'll get obliterated by the time you read
your email for the day!  ;-)

Cheers!  *clink*  ;-)

Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://www.theadamsfamily.net/~erek/snort/drinking_game.txt
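The syslog-ng route Erek points at, written out as an added example (it is not part of the original thread and not syslog-ng's or logsnorter's own documentation). It assumes syslog-ng configuration syntax, a remote sender whose syslog header hostname is host1, and a constructed placeholder address 192.0.2.10 for that sender:

```conf
# Added example: collect syslog from one remote host into its own file
# so logsnorter can pick it up. Not from the original thread.
# Newer syslog-ng releases expect a "@version: X.Y" line here matching
# the installed version; add it for your build.

options {
    # Default behaviour: replace the hostname carried in the message
    # with the resolved name of the sending IP. Leaving this at "no"
    # means a sender cannot simply claim to be host1 in its header.
    keep_hostname(no);
    use_dns(yes);
};

source s_net {
    # Classic BSD syslog transport: UDP port 514 on all interfaces.
    udp(ip(0.0.0.0) port(514));
};

filter f_host1 {
    # Match the hostname syslog-ng assigns to the message (see options).
    # Alternative that ignores DNS and matches on the sender's source
    # address instead (192.0.2.10 is a constructed placeholder):
    #   netmask("192.0.2.10/32");
    host("host1");
};

destination d_host1 {
    # One file per host, as asked in the original question.
    file("/var/log/host1.log");
};

log {
    source(s_net);
    filter(f_host1);
    destination(d_host1);
};
```

Two points worth keeping in mind when this feeds an IDS database: the host() filter matches whatever name syslog-ng has attached to the message, so with keep_hostname(yes) it matches a name the sender chose for itself, and over UDP even the source address can be forged, so the netmask() variant narrows the trust but does not remove it. If the messages are evidence, prefer a TCP (or TLS, where supported) source and check that the hostname in /var/log/host1.log is the one you expected before wiring it into logsnorter.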

