[Snort-users] Hi all
mkettler at ...4108...
Fri Oct 1 10:11:14 EDT 2004
At 12:57 PM 10/1/2004, Raffael Maio wrote:
>I m looking to use the output plugin with snort. But when I configure one
>of them it said me : Unrecognized syslog facility/priority:
>I see on documentation that I could make an output plugin in the snort.conf.
>I do that and I put this exactly line:
>output alert_syslog: host=192.168.1.1:514, log_auth log_alert
That variant is *ONLY* supported on win32.. ARe you using a windows box? If
not, remove the host statement. Also, make sure LOG_AUTH and LOG_ALERT are
in caps, not lower case.
If you need to forward your logs to a different system on a unix box,
configure your syslog.conf to forward the messages to the approprate
server. How this is done depends on what syslogd you are using. Consult
your manpages on syslog.conf.
More information about the Snort-users