[Snort-users] log to syslog but not to /var/log/snort/ directory

Andre' M. DiMino tsamp77 at ...549...
Fri Sep 2 06:08:03 EDT 2005

One option is to configure your syslog service to log to a remote syslog
Configure your syslog.conf file to send logs on the facility you set up for
snort to the remote server.

For example in snort.conf, you may have something like:
output alert_syslog: LOG_LOCAL3 LOG_ALERT

In your syslog.conf file, you could have:
local3.alert  @

You will need to configure your remote syslog server to accept the logs.

Also, this is quite a bit different if you are using syslog-ng.

HTH ! 

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Pablo Nebrera
Sent: Friday, September 02, 2005 6:46 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] log to syslog but not to /var/log/snort/ directory

I want to log to syslog and it works perfectly with the syslog output
plugin. But I have space problems and I don´t want to use the
/var/log/snort/ directory. 

Is that possible?? 

I have used the -N options and it doesn´t work. With this option doesn´t use
that directory but it doesn´t log to syslog either. 

What option do I have to use?? 

Thanks for your help


SF.Net email is Sponsored by the Better Software Conference & EXPO September
19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile &
Plan-Driven Development * Managing Projects & Teams * Testing & QA Security
* Process Improvement & Measurement * http://www.sqe.com/bsce5sf
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list