[Snort-users] barnyard: alert_syslog2 not working

Botwick, Jason (Genworth, Contractor) Jason.Botwick at ...12522...
Thu Oct 7 16:01:29 EDT 2004


Here is my barnyard.conf file
 
config hostname: x.x.x.x
config interface: x
output alert_syslog2: severity: NOTICE; facility: LOCAL1;
#output alert_syslog: LOG_LOCAL2 LOG_ALERT LOG_NDELAY

Here are the lines I added to the syslog.conf file:
 
local1.*	/var/log/barnyard.log
local2.*	/var/log/barnyard2.log
 
I SIGHUP'd both syslogd and barnyard. I even tried rebooting once, but
 
Running the command:
 
barnyard -o snort.eth1.alert.1097060734 -c /etc/snort/barnyard.conf
 
Produces no output in /var/log/barnyard.log
 
I have Snort configured to output in unified format. I know that this is
working because I can get Barnyard to log to a database, and also the
alert_syslog plugin works fine (using the commented directive above).
 
Any ideas why the old syslog plugin works, but the new one doesn't? What am
I forgetting?
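
A way to check which syslog.conf actions a message with a given facility and severity would reach, here the LOCAL1/NOTICE pair from the barnyard.conf above. This is an added example, not part of the original post and not Barnyard or syslogd code; it assumes classic BSD/sysklogd selector syntax, the names `selector_matches` and `routes` are hypothetical, and the `*.info;local1.none` rule is constructed.

```python
# Added example: facility/severity routing check for classic syslog.conf selectors.
# Severities, most severe first (numeric order 0..7).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: the first rule is invented for illustration, the other
# two are the rules quoted in the post.
SAMPLE_CONF = "\n".join([
    "*.info;local1.none\t/var/log/messages",
    "local1.*\t/var/log/barnyard.log",
    "local2.*\t/var/log/barnyard2.log",
])

def selector_matches(selector, facility, severity):
    """True if a 'fac[,fac].level[;...]' selector accepts the message.
    Handles '*', 'none' and the default 'this level or more severe' rule;
    a later ';' clause overrides an earlier one for the same facility."""
    sev = LEVELS.index(severity.lower())
    accepted = False
    for clause in selector.split(";"):
        facs, _, level = clause.strip().lower().rpartition(".")
        names = facs.split(",")
        if not facs or (facility.lower() not in names and "*" not in names):
            continue
        if level == "none":
            accepted = False
        elif level == "*":
            accepted = True
        elif level in LEVELS:
            accepted = sev <= LEVELS.index(level)
    return accepted

def routes(conf_text, facility, severity):
    """Return the actions (log files etc.) that would receive the message."""
    actions = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # selector and action must share one line; skip otherwise
        if selector_matches(parts[0], facility, severity):
            actions.append(parts[1])
    return actions

if __name__ == "__main__":
    print(routes(SAMPLE_CONF, "local1", "notice"))
```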
 
 

 