[Snort-users] Hi all

Matt Kettler mkettler at ...4108...
Fri Oct 1 10:11:14 EDT 2004


At 12:57 PM 10/1/2004, Raffael Maio wrote:
>I m looking to use the output plugin with snort. But when  I configure one 
>of them it said me : Unrecognized syslog facility/priority: 
>host=192.168.1.1:514
>
>I see on documentation that I could make an output plugin in the snort.conf.
>
>I do that and I put this exactly line:
>
>output alert_syslog: host=192.168.1.1:514, log_auth log_alert

That variant is *ONLY* supported on win32.. ARe you using a windows box? If 
not, remove the host statement. Also, make sure LOG_AUTH and LOG_ALERT are 
in caps, not lower case.

If you need to forward your logs to a different system on a unix box, 
configure your syslog.conf to forward the messages to the approprate 
server. How this is done depends on what syslogd you are using. Consult 
your manpages on syslog.conf.





More information about the Snort-users mailing list