[Snort-users] snort not sending messages to syslog

Jim B elemint at ...11827...
Fri Feb 24 11:55:16 EST 2006


I am using syslog and I have a default syslog config. How can I confirm that
syslog is configured properly?

Jim



On 2/24/06, Eric Hines <eric.hines at ...8860...> wrote:
>
> Jim,
>
> Try running tcpdump or snort in sniffer mode with BPF filters (snort
> -vXedi eth0 'src or dst port 514') to see if Snort is even sending them
> out.
>
> Are you using Syslog on the other end or Syslog-NG? Make sure Syslog is
> configured properly of course.
>
>
>
> Best Regards,
>
> Eric Hines, GCIA, CISSP
> CEO, President
> Applied Watch Technologies, LLC
>
> Jim B wrote:
> > I have configured snort to send messages to syslog but they are not being
> > sent to syslog, how can I determine why the messages or alerts are not being
> > sent to syslog?
> >
> >
> > Jim
> >
>
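One way to check a syslog configuration on paper, as an added example that is not part of the original thread: the script below evaluates syslog.conf selectors for a given facility and priority and lists where such a message would be written. Only an `@host` action forwards to a remote host, which is the traffic a port 514 capture would show. Assumptions: classic sysklogd selector syntax with canonical priority names, Snort logging as facility `auth` with priority `alert`, and a constructed sample config with a hypothetical `loghost`.

```python
# Added example (not from the thread). Assumes classic sysklogd selector syntax.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample in the style of a stock syslog.conf; "loghost" is hypothetical.
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
*.emerg                                     *
#auth.alert                                 @loghost
"""


def selector_matches(selectors, facility, priority):
    """Evaluate a ';'-separated selector list left to right for one message."""
    msg, matched = SEVERITIES.index(priority), False
    for sel in selectors.split(";"):
        facs, _, pri = sel.strip().rpartition(".")
        if not {facility, "*"} & set(facs.split(",")):
            continue                      # selector is for other facilities
        if pri == "none":
            matched = False               # explicit exclusion
            continue
        negate, pri = pri.startswith("!"), pri.lstrip("!")
        exact, pri = pri.startswith("="), pri.lstrip("=")
        if pri == "*":
            hit = True
        elif exact:
            hit = msg == SEVERITIES.index(pri)
        else:
            hit = msg <= SEVERITIES.index(pri)   # lower index = more severe
        if hit:
            matched = not negate
    return matched


def destinations(conf_text, facility, priority):
    """Return the actions (files, @remote hosts, ...) that get this message."""
    found = []
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue                      # blank, comment, or malformed line
        if selector_matches(parts[0], facility, priority):
            found.append(parts[1].strip().lstrip("-"))  # "-" only disables sync
    return found


if __name__ == "__main__":
    # Assumption: Snort's syslog output uses facility auth, priority alert.
    print(destinations(SAMPLE_CONF, "auth", "alert"))
```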