[Snort-users] log to syslog but not to /var/log/snort/ directory

Jason Brvenik jasonb at ...1935...
Mon Sep 5 09:21:27 EDT 2005


I suspect you need to disable some of the output methods.

What is the result of grep output </path/to/snort.conf>

Pablo Nebrera wrote:
> Ye I know I can send the logs to a remote host and I even use it. But it
> still create the /var/log/snort directory with a lot of logs there.
> 
> 
> How can I avoid it??
> 
> 
> Thanks 
> 
> 
> Pablo
> 
> El vie, 02-09-2005 a las 09:07 -0400, Andre' M. DiMino escribió:
> 
>>One option is to configure your syslog service to log to a remote syslog
>>server.
>>Configure your syslog.conf file to send logs on the facility you set up for
>>snort to the remote server.
>>
>>For example in snort.conf, you may have something like:
>>output alert_syslog: LOG_LOCAL3 LOG_ALERT
>>
>>In your syslog.conf file, you could have:
>>local3.alert  @192.168.10.10
>>
>>You will need to configure your remote syslog server to accept the logs.
>>
>>Also, this is quite a bit different if you are using syslog-ng.
>>
>>HTH ! 
>>
>>-----Original Message-----
>>From: snort-users-admin at lists.sourceforge.net
>>[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Pablo Nebrera
>>Sent: Friday, September 02, 2005 6:46 AM
>>To: snort-users at lists.sourceforge.net
>>Subject: [Snort-users] log to syslog but not to /var/log/snort/ directory
>>
>>I want to log to syslog and it works perfectly with the syslog output
>>plugin. But I have space problems and I don´t want to use the
>>/var/log/snort/ directory. 
>>
>>Is that possible?? 
>>
>>I have used the -N options and it doesn´t work. With this option doesn´t use
>>that directory but it doesn´t log to syslog either. 
>>
>>What option do I have to use?? 
>>
>>Thanks for your help
>>
>>
>>Pablo
>>
>>
>>
>>-------------------------------------------------------
>>SF.Net email is Sponsored by the Better Software Conference & EXPO September
>>19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile &
>>Plan-Driven Development * Managing Projects & Teams * Testing & QA Security
>>* Process Improvement & Measurement * http://www.sqe.com/bsce5sf
>>_______________________________________________
>>Snort-users mailing list
>>Snort-users at lists.sourceforge.net
>>Go to this URL to change user options or unsubscribe:
>>https://lists.sourceforge.net/lists/listinfo/snort-users
>>Snort-users list archive:
>>http://www.geocrawler.com/redir-sf.php3?list=ort-users
>>
>>
>>
>>-------------------------------------------------------
>>SF.Net email is Sponsored by the Better Software Conference & EXPO
>>September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
>>Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
>>Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
>>_______________________________________________
>>Snort-users mailing list
>>Snort-users at lists.sourceforge.net
>>Go to this URL to change user options or unsubscribe:
>>https://lists.sourceforge.net/lists/listinfo/snort-users
>>Snort-users list archive:
>>http://www.geocrawler.com/redir-sf.php3?list
>>
> 
> 
> 
> 
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users
> 




More information about the Snort-users mailing list