[Snort-users] how to make a single unified syslog file
fancyblue_kurt at ...131...
Wed Jul 14 12:08:17 EDT 2004
I would like Snort to output log messages to
syslogd, and use logrotate to execute the log file.
The following is my configuration of Snort and syslog:
# Step #1: Set the network variables:
var HOME_NET 10.0.0.0/24
var EXTERNAL_NET any
# Step #2: Configure preprocessors
preprocessor stream4: detect_scans,
preprocessor flow: stats_interval 0 hash 2
preprocessor frag2: timeout 60, memcap 4194304
preprocessor portscan: $HOME_NET 5 60
# Step #3: Configure output plugins
output alert_syslog: LOG_AUTH LOG_ALERT
However, Snort not only generates the snort.log file but
also produces some other files. What I want is just
one single file containing all NIDS findings which can
be managed by syslogd.
Could someone help me to solve this problem?
By the way, I would also like to know how to compile
Snort with a static library. In some previous posts, it
is said to configure LDFLAG=static, but I really need
more detailed info about it.
Thank you in advance.