[Snort-users] Snort not logging to syslog

Dahlmann, Stephan Stephan.Dahlmann at ...13502...
Mon Sep 19 09:04:01 EDT 2005


Hi all,

I have installed snort on a Debian box with two sensors.
Snort is running fine, BASE is running fine and I'm currently working on
the further configuration (signatures and so on).
One important thing for us is to get some kind of eMail if there is an
alert. After searching for some possibilities to implement that feature
I found fwlogwatch.

I now have running both snort-mysql and fwlogwatch, installed with
Debian packets of Sarge (stable).

The problem is: snort logs to MySQL, but not to syslog.
I activated 
output alert_syslog: LOG_AUTH LOG_ALERT
in my snort.conf but there are no entries made in /var/log/syslog. I can
only see the starting / stopping messages of snort...

Is there a problem when both output plugins (database and alert_syslog)
are activated?
I read about starting snort with -s parameter, but if I do that snort
throws an error that parameters are overriding config or so. Sorry,
don't remember exactly.

fwlogwatch should be set up correctly, I can view the web interface and I
get the daily reports (which are empty). But because snort doesn't log
to syslog it can't send me an eMail... ;)

It would be great if someone could give me a hint on what's wrong. If
more information is needed please tell me!

Thanks for your time,
stephan


P.S.: this is my first post in a mailing list so I hope I did everything
correctly ;)
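
An added example, not part of the original post and not Snort or sysklogd code: a small matcher for a subset of sysklogd selector syntax (`*`, `none`, `=prio`, and "prio or higher") that shows which file a message with the facility and priority named in `output alert_syslog: LOG_AUTH LOG_ALERT` is routed to. The rule set is a constructed sample assumed to resemble a stock Debian /etc/syslog.conf; the function names are hypothetical and the real file on the sensor should be checked.

```python
# Severity names in RFC 3164 order: a lower index is more severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample rules (assumption: similar to a stock Debian
# /etc/syslog.conf); not taken from the poster's system.
SAMPLE_RULES = """
auth,authpriv.*            /var/log/auth.log
*.*;auth,authpriv.none     -/var/log/syslog
daemon.*                   -/var/log/daemon.log
*.emerg                    *
"""

def snort_to_syslog(facility_const, priority_const):
    """Map snort.conf names such as LOG_AUTH / LOG_ALERT to syslog.conf names."""
    return tuple(c.replace("LOG_", "", 1).lower() for c in (facility_const, priority_const))

def selector_matches(selector, facility, priority):
    """Evaluate 'fac[,fac].prio[;...]'; a later part overrides an earlier one."""
    matched = False
    for part in selector.split(";"):
        facs, _, prio = part.rpartition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue  # this part says nothing about our facility
        if prio == "none":
            matched = False
        elif prio == "*":
            matched = True
        elif prio.startswith("="):
            matched = SEVERITIES.index(priority) == SEVERITIES.index(prio[1:])
        else:  # plain name means "this severity or more severe"
            matched = SEVERITIES.index(priority) <= SEVERITIES.index(prio)
    return matched

def destinations(rules, facility, priority):
    """Return the actions of every rule that would receive the message."""
    out = []
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, priority):
            out.append(action.lstrip("-"))  # leading '-' only disables sync
    return out

if __name__ == "__main__":
    fac, prio = snort_to_syslog("LOG_AUTH", "LOG_ALERT")
    print(f"{fac}.{prio} ->", destinations(SAMPLE_RULES, fac, prio))
```

With rules like the sample, an auth.alert message is written to /var/log/auth.log and is excluded from /var/log/syslog by the `auth,authpriv.none` part of that selector.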