[Snort-users] Log to both mysql and log file?

Charles Heselton charles.heselton at ...11827...
Sat Aug 7 23:41:00 EDT 2004


On Sat, 07 Aug 2004 09:26:24 -0700, Lyndon Tiu <ltiu at ...12200...> wrote:
> Hello,
> 
> Could use some tips here.
> 
> Is it possible to log snort alerts to both mysql using acid and to log files using syslog under /var/log (or to the default /var/log/snort logs) ?
> 
> Thank you.
> 
> --
> 
> Lyndon Tiu
> 

Yes it is.  Make sure your output lines in your snort.conf file look like this:

output database: log, mysql, dbname=snort user=xxxxx host=1.1.1.1 port=3306 sensor_name=1.1.1.1 detail=full encoding=ascii
output alert_full: /var/log/snort/alert
output alert_syslog: LOG_AUTH LOG_ALERT

This should get you all the logging you could ever want.  ;)

-- 
Charlie Heselton
Network Security Engineer
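
Added example (not part of the original post, and not Snort project code): a small check that lists the output plugins a snort.conf configures and flags option lines left orphaned when a long "output database" directive is wrapped by a mail client. The sample config is constructed from the lines in the reply; the function names and the backslash-continuation handling are assumptions of this sketch.

```python
import re

# Constructed sample: the output lines from the reply above, with the database
# directive wrapped onto a second line the way a mail client wraps long lines.
SAMPLE_CONF = """\
# constructed sample snort.conf fragment
output database: log, mysql, dbname=snort user=xxxxx host=1.1.1.1
port=3306 sensor_name=1.1.1.1 detail=full encoding=ascii
output alert_full: /var/log/snort/alert
output alert_syslog: LOG_AUTH LOG_ALERT
"""

OUTPUT_RE = re.compile(r"^output\s+(\w+)\s*:?\s*(.*)$")
KEYVAL_RE = re.compile(r"^\w+=\S+(\s+\w+=\S+)*$")


def logical_lines(text):
    """Yield (first_line_number, text), joining backslash-continued lines
    and skipping blank lines and comments."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf and not buf.startswith("#"):
            yield start, buf
        buf, start = "", None


def audit_outputs(text):
    """Return (plugins, problems): plugin name -> argument strings, and
    (line_number, text) for key=value lines that belong to no directive."""
    plugins, problems = {}, []
    for n, line in logical_lines(text):
        m = OUTPUT_RE.match(line)
        if m:
            plugins.setdefault(m.group(1), []).append(m.group(2).strip())
        elif KEYVAL_RE.match(line):
            # Options on their own line: the tail of a wrapped directive.
            problems.append((n, line))
    return plugins, problems


if __name__ == "__main__":
    print(audit_outputs(SAMPLE_CONF))
```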
