[Snort-users] Snort's pid in syslog

sekure sekure at ...11827...
Mon Sep 13 11:45:01 EDT 2004


Hi all,

I was wondering if this is a bug with snort or perhaps I am going a
little crazy.
I recently reconfigured syslogd to log all daemon messages to one location: 
daemon.debug                                    /var/log/daemon.log

If I am not mistaken, before I did this, snort used to log to
/var/adm/messages and every line used to contain the process id in
square braces.  Now that it's logging to /var/log/daemon.log there is
not process id.  Every other process (barnyard, sshd, ntpd, etc) has
its pid in the log file, except for snort.  The problem is that I am
running 3 instances of snort on one box, and as a result can't tell
which process is associated with which messages.  I've restarted snort
and syslogd many times to no avail.

I am running snort 2.2.0 on RedHat 3.0.  Anybody seen this?




More information about the Snort-users mailing list