[Fwd: RE: [Snort-users] Changing default syslog Facility:Priority for all alerts]

Mark Tunnell mtunnell at ...13707...
Tue Feb 21 11:59:02 EST 2006


Thanks for the responses.  My problem turned out to be that I was
trying to configure multiple alert_syslog statements to send to
different syslog facilities and the later ones kept over-riding the
previous ones.  It appears only one syslog priority may be set.  So,
I'll go with one and do the parsing on the other end.

Thanks,

Mark




More information about the Snort-users mailing list