[Snort-users] Changing name of alerts log

frederick sonnichsen fsonnichsen at ...315...
Mon Mar 10 12:02:50 EDT 2008


Thanks Joel.
   Below is a snippet of what I would think is the pertinent area of the 
old snort file. This was snort 2.3.3(14) running on Debian.
Fritz

=============== OLD SNORT.CONF SNIPPET ======================
# [Win32 can use any of these formats...]
output alert_syslog: LOG_LOCAL0 LOG_ALERT
# output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
# output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
# log_tcpdump: log packets in binary tcpdump format
# -------------------------------------------------
# The only argument is the output file name.
#
output log_tcpdump: tcpdump.log



Joel Esler wrote:

> Do you have a snort.conf file from your predecessor?
>
> Joel
>
> On Mar 10, 2008, at 10:40 AM, frederick sonnichsen wrote:
>
>> I have snort 2.8.0.2 (75) running on Fedora Core 6. It presently writes
>> files "alerts" and "snort.log.xxxxxxx".
>> I want to change the names of these files to fit software/scripts
>> written by my predecessor. Can someone tell me how to change the alerts
>> log to "snortlog.log" and the dump logs to "tcpdump.log"?
>>
>> I tried:
>> in snort.conf
>>  output alert_syslog: LOG_LOCAL0
>> in syslog.conf
>>  local0.*    /var/log/snort/snortlog.log
>>
>> But this has no effect. Perhaps this is not the way to accomplish this.
>>
>> Thanks
>> Fritz
>>
>
>
> -- 
> Joel Esler  joel.esler at ...1935...