[Snort-users] Snort not logging to syslog
joel.esler at ...1935...
Mon Sep 19 09:13:22 EDT 2005
In your /etc/syslog.conf, where do you have auth logging to?
On Sep 14, 2005, at 3:06 AM, Dahlmann, Stephan wrote:
> Hi all,
> I have installed Snort on a Debian box with two sensors.
> Snort is running fine, BASE is running fine and I'm currently
> working on the further configuration (signatures and so on).
> One important thing for us is to get some kind of email if there is
> an alert. After searching for some possibilities to implement that
> feature I found fwlogwatch.
> I now have running both snort-mysql and fwlogwatch, installed with
> Debian packets of Sarge (stable).
> The problem is: snort logs to MySQL, but not to syslog.
> I activated
> output alert_syslog: LOG_AUTH LOG_ALERT
> in my snort.conf but there are no entries made in /var/log/syslog.
> I can only see the starting / stopping messages of snort...
> Is there a problem when both output plugins (database and
> alert_syslog) are activated?
> I read about starting snort with -s parameter, but if I do that
> snort throws an error that parameters are overriding config or so.
> Sorry, don't remember exactly.
> fwlogwatch should be set up correctly, I can view the web interface
> and I get the daily reports (which are empty). But because Snort
> doesn't log to syslog it can't send me an email... ;)
> It would be great if someone could give me a hint on what's wrong.
> If more information is needed please tell me!
> Thanks for your time,
> P.S.: this is my first post in a mailing list so I hope I did
> everything correctly ;)
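Added example, not part of the original thread: a small Python resolver for classic sysklogd selector rules that answers the question in the reply, namely which destinations receive an `auth.alert` message (the facility and priority set by `output alert_syslog: LOG_AUTH LOG_ALERT`). The sample syslog.conf is constructed and only assumed to resemble a common Debian layout; the function and constant names are hypothetical.

```python
# Severities in classic sysklogd order, lowest first.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample, assumed to resemble a common Debian sysklogd layout.
SAMPLE_CONF = """\
auth,authpriv.*                  /var/log/auth.log
*.*;auth,authpriv.none           -/var/log/syslog
kern.*                           -/var/log/kern.log
*.=info;*.=notice;*.=warn;auth,authpriv.none  -/var/log/messages
*.emerg                          *
"""

def selector_verdict(selector, facility, level):
    """True = log, False = suppress, None = selector leaves the decision unchanged."""
    facs, _, prio = selector.rpartition(".")
    if facs != "*" and facility not in facs.split(","):
        return None
    if prio == "none":
        return False
    negate = prio.startswith("!")
    prio = prio.lstrip("!")
    exact = prio.startswith("=")
    prio = prio.lstrip("=")
    if prio == "*":
        hit = True
    else:
        want = LEVELS.index(ALIASES.get(prio, prio))
        have = LEVELS.index(level)
        hit = (have == want) if exact else (have >= want)
    if not hit:
        return None
    return not negate

def destinations(conf_text, facility, level):
    """Return the actions (files, '*', hosts) that receive facility.level."""
    found = []
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        logged = False
        for sel in parts[0].split(";"):  # later selectors override earlier ones
            verdict = selector_verdict(sel, facility, level)
            if verdict is not None:
                logged = verdict
        if logged:
            found.append(parts[1].lstrip("-"))  # leading '-' only disables sync
    return found
```

With the constructed sample, `destinations(SAMPLE_CONF, "auth", "alert")` resolves to `/var/log/auth.log` only, because the `auth,authpriv.none` selector keeps auth messages out of `/var/log/syslog`. Pass the text of the real `/etc/syslog.conf` to check an actual sensor.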