[Snort-users] Logging to dual hosts..

Snort Snort at ...13151...
Mon Mar 21 09:51:17 EST 2005


You will need to specify another facility for EACH action; in other words,
you need another line to log to a different location. You can only
specify multiple actions if they are users...

local3.*                                                /var/log/snort/snort.log

local3.*                                                @1.2.3.4

Put that into syslog.conf and restart syslog and you should see data in
both places. I do the same thing for my logins on all my Linux servers:
log locally and remotely. I dug up a little man/help page on the
internet for ya as well (ain't I swell? :) )

 

http://www.cmdl.noaa.gov/hats/insitu/cats/stations/qnxman/syslogd.html

 

 

Thanks,

Michael Brown

  _____  

From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Marc
Hering
Posted At: Monday, March 21, 2005 10:45 AM
Posted To: Snort
Conversation: Logging to dual hosts..
Subject: [Snort-users] Logging to dual hosts..
  

Hey guys

I currently have snort set to log to MySQL as well as Syslog.  I am
having a problem getting Syslog to redirect its local3.* to both a
remote syslog host as well as the local logfile.

 

I have the following entry in my syslog.conf

 

local3.*                                                @1.2.3.4

 

If I try

local3.*                                                @1.2.3.4,/var/log/snort/snort.log

it only writes to the @1.2.3.4 address (Please note that all IP
addresses have been changed to protect the innocent :) )

 

According to the man pages and documentation for syslog this should
work.....what am I missing here? 

 

Thanks!

<M>
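
An added example, not part of the original thread: a small Python check over syslog.conf text that flags the comma-separated form from the question and confirms that a facility has both a file and a remote destination, as in the two-line fix in the reply. It assumes classic syslogd action syntax, where the first character of the action selects its type; the sample configs and function names are constructed for illustration.

```python
# Constructed sample syslog.conf contents (not files from the thread):
# BROKEN is the comma form from the question, FIXED the two-line form.
BROKEN = "local3.*\t@1.2.3.4,/var/log/snort/snort.log\n"
FIXED = (
    "# snort alerts\n"
    "local3.*\t/var/log/snort/snort.log\n"
    "local3.*\t@1.2.3.4\n"
)

def parse_rules(text):
    """Yield (lineno, selector, action) for each non-comment rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # selector, then the rest as the action
        if len(parts) == 2:
            yield lineno, parts[0], parts[1].strip()

def classify(action):
    """Classify an action by its first character (assumed classic syntax)."""
    if action.startswith("@"):
        return "remote"
    if action.startswith(("/", "-/")):
        return "file"
    if action.startswith("|"):
        return "pipe"
    return "users"  # "*" or a comma-separated list of login names

def audit(text, facility="local3"):
    """Return (destination kinds seen for facility, list of warnings).

    Simplification: only facility names are matched; priorities and
    "none" exclusions in the selector are not evaluated.
    """
    kinds, warnings = set(), []
    for lineno, selector, action in parse_rules(text):
        facs = {f for s in selector.split(";")
                for f in s.split(".")[0].split(",")}
        if facility not in facs and "*" not in facs:
            continue
        kind = classify(action)
        kinds.add(kind)
        if kind != "users" and "," in action:
            warnings.append(f"line {lineno}: comma list in a {kind} action; "
                            "use one line per destination")
    for needed in ("file", "remote"):
        if needed not in kinds:
            warnings.append(f"{facility}: no {needed} destination")
    return kinds, warnings
```

Calling audit() on the text of the real syslog.conf before restarting syslogd shows whether local3 would end up with both destinations.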
