[Snort-users] Remote syslogging of snort

Paul Schmehl pauls at ...6838...
Wed Jul 14 11:24:08 EDT 2004


Perfect.  Thanks a lot.

--On Wednesday, July 14, 2004 12:14:54 PM -0400 sekure <sekure at ...11827...> 
wrote:

> http://www.snort.org/docs/snort_manual/node20.html
>
> What you want is: alert_syslog: LOG_LOCAL1 LOG_DEBUG
>
>
> On Wed, 14 Jul 2004 10:37:53 -0500, Paul Schmehl <pauls at ...6838...>
> wrote:
>> I'm trying to set up snort to do remote syslogging.  So I put this line in
>> the snort.conf file:
>>
>> output alert_syslog: local1.debug
>>
>> But when I restart snort, I get this error message in /var/log/messages:
>>
>> WARNING /usr/local/etc/snort.conf (419) => Unrecognized syslog
>> facility/priority: local1.debug
>>
>> Does snort not recognize the local logging facilities?  Or do I have a
>> syntax error?
>>
>> (/etc/syslog.conf reads "local1.debug    @{sysloghost}"
>>
>> Sysloghost /etc/syslog.conf reads "local1.debug     /var/log/snort.log")
>>
>> Paul Schmehl (pauls at ...6838...)
>> Adjunct Information Security Officer
>> The University of Texas at Dallas
>> AVIEN Founding Member
>> http://www.utdallas.edu/ir/security/
>>



Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
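
Added example, not part of the original thread: a small linter that finds `output alert_syslog:` lines in a snort.conf whose tokens are not keywords listed in the Snort manual, and suggests the `LOG_*` form when the token is a syslog.conf-style selector such as the one in the question. The function names and the sample text are constructed for illustration; only facility, priority and option keywords are checked.

```python
import re

# Keywords accepted by Snort's alert_syslog output plugin (per the Snort manual).
FACILITIES = {"LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER"} | {
    f"LOG_LOCAL{n}" for n in range(8)}
PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
              "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}
OPTIONS = {"LOG_CONS", "LOG_NDELAY", "LOG_PERROR", "LOG_PID"}
KNOWN = FACILITIES | PRIORITIES | OPTIONS

DIRECTIVE = re.compile(r"^\s*output\s+alert_syslog\s*:\s*(.*)$")


def suggest(token):
    """Map a syslog.conf-style selector (local1.debug) to Snort keywords, or None."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    fac, pri = (f"LOG_{p.upper()}" for p in parts)
    return f"{fac} {pri}" if fac in FACILITIES and pri in PRIORITIES else None


def lint(conf_text):
    """Return (line_no, bad_token, suggestion) for each unrecognized token."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line.split("#", 1)[0])  # drop comments first
        if not m:
            continue
        for tok in m.group(1).split():
            if tok not in KNOWN:
                findings.append((no, tok, suggest(tok)))
    return findings


# Constructed sample: the line from the question and the form given in the reply.
SAMPLE = """\
# constructed snort.conf excerpt
output alert_syslog: local1.debug
output alert_syslog: LOG_LOCAL1 LOG_DEBUG
"""

if __name__ == "__main__":
    for no, tok, fix in lint(SAMPLE):
        hint = f"; use: {fix}" if fix else ""
        print(f"line {no}: unrecognized facility/priority '{tok}'{hint}")
```

Running such a check before restarting the sensor catches the misconfiguration up front, rather than leaving it to a WARNING in /var/log/messages while alerts are not reaching the remote syslog host as intended.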



