[Snort-users] Remote syslogging of snort

Paul Schmehl pauls at ...6838...
Wed Jul 14 08:41:10 EDT 2004


I'm trying to set up snort to do remote sysloging.  So I put this line in 
the snort.conf file:

output alert_syslog: local1.debug

But when I restart snort, I get this error message in /var/log/messages:

 WARNING /usr/local/etc/snort.conf (419) => Unrecognized syslog 
facility/priority: local1.debug

Does snort not recognize the local logging facilities?  Or do I have a 
syntax error?

(/etc/syslog.conf reads "local1.debug    @{sysloghost}

Sysloghost /etc/syslog.conf reads "local1.debug     /var/log/snort.log)

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/




More information about the Snort-users mailing list