[Snort-users] A little Off Topic : syslog configuration
erek at ...950...
Wed Sep 17 05:52:05 EDT 2003
On Tue, 16 Sep 2003, Dave Morrow wrote:
> Hi all. My question is a little off topic, but hopefully someone will be
> kind enough to lend a hand.
> I am in the process of actually performing some intrusion detection, using
> Snort, ACID, etc. and am having some degree of difficulties with Syslog.
> What I would like to do is have syslog messages which originate from a
> specific host, put in a specific logfile for insertion into the snort
> database by logsnorter. How would one configure syslog.conf to force all
> messages coming from say host1 into a particular file ex. /var/log/host1.log
* I don't think that 'standard' syslog (vixie style) can do that.
You'll have to move to syslog-ng or something like it. Perhaps Metalog
(Gentoo Linux distro).
* Dude, trim the default sig your company has! :) You've got 4 penalty
drinks just from that! You'll get obliterated by the time you read
your email for the day! ;-)
Cheers! *clink* ;-)
"When things get weird, the weird turn pro." H.S. Thompson
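
A syslog-ng configuration for the per-host routing asked about above, as an added example that is not part of the original thread. It assumes syslog-ng is the central receiver on UDP 514; the address 192.0.2.10 for host1 and the file ownership are placeholders.

```conf
# Added example: route everything received from host1 into its own file.
# Assumptions: listener on UDP 514; 192.0.2.10 is a placeholder for host1.

source s_net {
    udp(ip(0.0.0.0) port(514));
};

# host() matches the hostname field carried in the message, which the
# sender controls. netmask() matches the source IP of the packet instead.
# Requiring both narrows what can land in host1.log, but UDP source
# addresses can still be forged, so keep the listener on a trusted segment.
filter f_host1 {
    host("^host1$") and netmask(192.0.2.10/255.255.255.255);
};

# Restrictive ownership and mode, since this file feeds the Snort database.
destination d_host1 {
    file("/var/log/host1.log" owner("root") group("adm") perm(0640));
};

# flags(final) stops processing here, so host1 messages are not also
# written by later log statements.
log {
    source(s_net);
    filter(f_host1);
    destination(d_host1);
    flags(final);
};
```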