[Snort-users] snort not sending messages to syslog

Jim B elemint at ...11827...
Fri Feb 24 11:53:04 EST 2006


I am starting snort with the startup file for the snort daemon in the
/etc/init.d/snortd file.

When I do a ps aux, this is how snort is running:

snort     4044  0.0  2.8 63804 58508 ?       Ss   Feb22   1:20 /usr/sbin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort

These are the syslog options I have configured in snort.conf:

       grep syslog /etc/snort/snort.conf
#       used to tune alerts from very active hosts such as syslog servers, etc.
# alert_syslog: log alerts to syslog
# Use one or more syslog facilities as arguments.  Win32 can also optionally
 output alert_syslog: LOG_AUTH LOG_ALERT
# output alert_syslog: LOG_AUTH LOG_ALERT
# output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
# output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
# This example will create a rule type that will log to syslog and a mysql
   output alert_syslog: LOG_AUTH LOG_ALERT

I am not running snort in a chroot environment.

I am starting syslogd just by /etc/init.d/syslog restart

ps aux output for syslog:

 ps aux |grep syslog
root      3966  0.0  0.0  3380  680 ?        Ss   Feb22   0:01 syslogd -m 0



Jim







On 2/24/06, James Lay <jlay at ...13475...> wrote:
>
> Jim,
>
> How are you starting it?
> What's in your snort.conf regarding syslog?
> Are you running snort chroot?
> How are you starting syslogd?
>
> James
>
>  ------------------------------
> *From:* snort-users-admin at lists.sourceforge.net [mailto:
> snort-users-admin at lists.sourceforge.net] *On Behalf Of *Jim B
> *Sent:* Friday, February 24, 2006 8:58 AM
> *To:* snort-users at lists.sourceforge.net
> *Subject:* [Snort-users] snort not sending messages to syslog
>
>
>  I have configured snort to send messages to syslog but they are not being
> sent to syslog, how can I determine why the messages or alerts are not being
> sent to syslog?
>
>
> Jim
>