[Snort-users] Snort logging to MySQL but not to syslog

Bahya NASSR EDDINE bahya_nassr at ...1855...
Wed Sep 14 03:57:08 EDT 2005


--- "Dahlmann, Stephan" <Stephan.Dahlmann at ...13502...> wrote:

> Hi all,
> Is there a problem when both output plugins (database
> and alert_syslog)
> are activated?

No, there should be no problem when logging snort
alerts to both a database and syslog. I am working on
the same situation and everything is working
correctly.

I actually log snort alerts to a file different from
/var/log/messages (in addition to a database). I then
used a LOG_LOCAL facility:

1. In snort.conf, add the line: "output alert_syslog: LOG_LOCAL0"
2. Then, in syslog.conf:
modify the line that contains /var/log/messages and
add local0.none, so that snort alerts won't be logged
to the /var/log/messages file.
Add the line "local0.* /path/to/snort_log_file"; snort
alerts will then be logged to the
/path/to/snort_log_file file.

I hope this would be handy.

Regards
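
A check for the two-file setup described above, as an added example that is not part of the original post: it confirms that snort.conf has an active LOG_LOCAL0 syslog output, that the /var/log/messages rule excludes local0, and that a local0.* rule points at a file. The function name, the sample files and the path /var/log/snort/alert.log are constructed for illustration, and only the literal selector "local0.*" is recognised.

```shell
#!/bin/sh
# Added example (not from the post): verify Snort -> syslog routing via local0.
# Usage: check_snort_syslog_routing SNORT_CONF SYSLOG_CONF
# Prints one line per finding; returns 0 only if nothing failed.
check_snort_syslog_routing() {
    snort_conf=$1; syslog_conf=$2; rc=0

    # 1. snort.conf needs an uncommented alert_syslog output using LOG_LOCAL0.
    if grep -Eq '^[[:space:]]*output[[:space:]]+alert_syslog:.*LOG_LOCAL0' "$snort_conf"; then
        echo "ok: alert_syslog uses LOG_LOCAL0"
    else
        echo "FAIL: no active 'output alert_syslog: LOG_LOCAL0' in $snort_conf"; rc=1
    fi

    # 2. Every uncommented rule writing to /var/log/messages must carry local0.none,
    #    otherwise the alerts are duplicated into the general log.
    msgs=$(grep -E '^[[:space:]]*[^#[:space:]].*[[:space:]]-?/var/log/messages[[:space:]]*$' \
           "$syslog_conf" || true)
    if [ -z "$msgs" ]; then
        echo "note: no rule for /var/log/messages"
    elif printf '%s\n' "$msgs" | grep -vq 'local0\.none'; then
        echo "FAIL: /var/log/messages rule lacks local0.none"; rc=1
    else
        echo "ok: local0 excluded from /var/log/messages"
    fi

    # 3. A local0.* rule must name an absolute file path (a leading '-' is stripped).
    dest=$(awk '$1 == "local0.*" { sub(/^-/, "", $2); print $2; exit }' "$syslog_conf")
    case $dest in
        /*) echo "ok: local0.* -> $dest" ;;
        *)  echo "FAIL: no 'local0.* /path' rule in $syslog_conf"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files; /var/log/snort/alert.log is a placeholder path.
demo_dir=$(mktemp -d)
printf '%s\n' 'output alert_syslog: LOG_LOCAL0' > "$demo_dir/snort.conf"
printf '%s\n' '*.info;mail.none;local0.none    /var/log/messages' \
              'local0.*    /var/log/snort/alert.log' > "$demo_dir/syslog.conf"
check_snort_syslog_routing "$demo_dir/snort.conf" "$demo_dir/syslog.conf"
```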



	

	
		