[Snort-users] log to syslog but not to /var/log/snort/ directory

Andre' M. DiMino tsamp77 at ...549...
Fri Sep 2 06:08:03 EDT 2005


One option is to configure your syslog service to log to a remote syslog
server.
Configure your syslog.conf file to send logs on the facility you set up for
snort to the remote server.

For example in snort.conf, you may have something like:
output alert_syslog: LOG_LOCAL3 LOG_ALERT

In your syslog.conf file, you could have:
local3.alert  @192.168.10.10

You will need to configure your remote syslog server to accept the logs.

Also, this is quite a bit different if you are using syslog-ng.

HTH ! 

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Pablo Nebrera
Sent: Friday, September 02, 2005 6:46 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] log to syslog but not to /var/log/snort/ directory

I want to log to syslog and it works perfectly with the syslog output
plugin. But I have space problems and I don't want to use the
/var/log/snort/ directory. 

Is that possible?? 

I have used the -N option and it doesn't work. With this option it doesn't use
that directory but it doesn't log to syslog either. 

What option do I have to use?? 

Thanks for your help


Pablo
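
Added example, not part of the original thread: a Python check that the facility and priority on Snort's alert_syslog line are actually matched by a remote (@host) rule in syslog.conf, since a mismatch silently drops the alerts. The function names are illustrative, and the selector handling is a simplified model of classic syslogd that ignores "!" and priority aliases.

```python
import re

# syslog severities, most severe first. A plain selector priority matches
# that level and every more severe one.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def snort_syslog_targets(snort_conf):
    """Return (facility, priority) for each 'output alert_syslog' line."""
    targets = []
    for line in snort_conf.splitlines():
        m = re.match(r"\s*output\s+alert_syslog\s*:?(.*)", line.split("#")[0])
        if not m:
            continue
        facility, priority = "auth", "alert"  # plugin defaults (LOG_AUTH, LOG_ALERT)
        for tok in re.split(r"[\s|,]+", m.group(1).lower()):
            name = tok[4:] if tok.startswith("log_") else tok
            if name in PRIORITIES:
                priority = name
            elif re.fullmatch(r"local[0-7]|auth|authpriv|daemon|user", name):
                facility = name
        targets.append((facility, priority))
    return targets

def selector_matches(selectors, facility, priority):
    """Simplified syslogd selector logic: '*', comma lists, '=', 'none'."""
    matched = False
    for sel in selectors.split(";"):
        facs, _, prio = sel.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        exact, level = prio.startswith("="), prio.lstrip("=")
        if level == "none":
            matched = False
        elif level == "*":
            matched = True
        elif level in PRIORITIES:
            rank, want = PRIORITIES.index(priority), PRIORITIES.index(level)
            matched = matched or (rank == want if exact else rank <= want)
    return matched

def remote_destinations(syslog_conf, facility, priority):
    """Remote hosts (@host actions) that receive this facility/priority."""
    hosts = []
    for line in syslog_conf.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) == 2 and fields[1].startswith("@"):
            if selector_matches(fields[0], facility, priority):
                hosts.append(fields[1][1:])
    return hosts

# Constructed sample input mirroring the two lines quoted in the reply.
SNORT_CONF = "output alert_syslog: LOG_LOCAL3 LOG_ALERT\n"
SYSLOG_CONF = "local3.alert  @192.168.10.10\n"
```

An empty list from remote_destinations() for a pair returned by snort_syslog_targets() means no forwarding rule covers Snort's alerts.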


