[Snort-users] Logging to dual hosts..
Snort at ...13151...
Mon Mar 21 09:51:17 EST 2005
You will need to specify another facility for EACH action, other words
you need another line to log to a different location, you can only
specify multiple actions if they are users...
put that into syslog.conf and restart syslog and you should see data in
both places, I do the samething for my logins on all my linux servers,
log locally and remotely. I dug up a little man/help page on the
internet for ya as well (aint I swell? :) )
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Marc
Posted At: Monday, March 21, 2005 10:45 AM
Posted To: Snort
Conversation: Logging to dual hosts..
Subject: [Snort-users] Logging to dual hosts..
I currently have snort set to log to Mysql as well as Syslog. I am
having a problem getting Syslog to redirect itt's local3.* to both a
remote syslog host as well as the local logfile.
I have the following entry in my syslog.conf
If I try
it only writes to the @18.104.22.168 address (Please note that all IP
addresses have been changed to protect the innocent :) )
According to the man pages and documentation for syslog this should
work.....what am I missing here?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users