[Snort-users] [snort-users] alert_syslog and remote syslogs: win32 only?
gravyface at ...11827...
Fri Aug 7 19:30:18 EDT 2009
Running snort as follows (eth0 is 192.168.0.10):
snort -c /etc/snort/snort.conf -pDs -A fast -l /var/log/snort -i eth0
var RULE_PATH /etc/snort/rules/
output alert_syslog: host=192.168.0.3, LOG_AUTH LOG_ALERT
alert icmp any any -> 192.168.0.10/32 any (msg:"ICMP";sid:501;)
The log file shows 4 pings in fast format OK, so I know the rules are
working, but I'm not seeing anything on my syslog server.
The documentation seems to imply that this host:port parameter is for
win32, but I assumed it was -- as the docs mention -- because win32
doesn't have syslog, and that it would still work under Linux.
Am I wrong? If so, what's the recommended method of doing remote syslogging?
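A diagnostic that helps split this problem in two, added here as an example and not code from the poster or from the Snort project: a small UDP syslog receiver plus a PRI decoder. Snort's "LOG_AUTH LOG_ALERT" maps to facility 4 and severity 1, so a correctly forwarded alert arrives with PRI 4*8+1 = 33 (RFC 3164). Running the listener on the syslog host shows whether any datagram from the sensor reaches it at all, and hand-sending a sample datagram from the sensor shows whether the network and server side work independently of Snort. The sample datagram bodies, the snort tag and the `[1:501:0]` prefix are constructed to resemble Snort's syslog output and are assumptions, not captured traffic.

```python
"""Decode syslog PRI values and receive UDP syslog datagrams, to verify that
Snort alert_syslog output configured as 'LOG_AUTH LOG_ALERT' actually reaches
a remote syslog host. Added example; not part of Snort or the original post."""
import re
import socket

# RFC 3164 facility and severity codes (the names Snort's alert_syslog accepts).
FACILITIES = {
    "LOG_AUTH": 4, "LOG_AUTHPRIV": 10, "LOG_DAEMON": 3, "LOG_USER": 1,
    "LOG_LOCAL0": 16, "LOG_LOCAL1": 17, "LOG_LOCAL2": 18, "LOG_LOCAL3": 19,
    "LOG_LOCAL4": 20, "LOG_LOCAL5": 21, "LOG_LOCAL6": 22, "LOG_LOCAL7": 23,
}
SEVERITIES = {
    "LOG_EMERG": 0, "LOG_ALERT": 1, "LOG_CRIT": 2, "LOG_ERR": 3,
    "LOG_WARNING": 4, "LOG_NOTICE": 5, "LOG_INFO": 6, "LOG_DEBUG": 7,
}
FAC_BY_CODE = {v: k for k, v in FACILITIES.items()}
SEV_BY_CODE = {v: k for k, v in SEVERITIES.items()}
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


def pri(facility: str, severity: str) -> int:
    """PRI = facility * 8 + severity (RFC 3164 section 4.1.1)."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def parse_datagram(data: bytes) -> dict:
    """Split a raw syslog datagram into facility, severity and body.
    A datagram without a valid <PRI> (0..191) is flagged malformed, not dropped,
    so a misbehaving sender is still visible in the output."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:
        return {"facility": None, "severity": None, "malformed": True,
                "body": data.decode("utf-8", "replace")}
    fac, sev = divmod(int(m.group(1)), 8)
    return {"facility": FAC_BY_CODE.get(fac, "facility%d" % fac),
            "severity": SEV_BY_CODE.get(sev, "severity%d" % sev),
            "malformed": False,
            "body": m.group(2).decode("utf-8", "replace")}


def matches_config(data: bytes, facility="LOG_AUTH", severity="LOG_ALERT") -> bool:
    """True when the datagram carries exactly the facility/priority Snort was told to use."""
    p = parse_datagram(data)
    return not p["malformed"] and p["facility"] == facility and p["severity"] == severity


def listen(bind_addr="0.0.0.0", port=514, count=1, timeout=30.0) -> list:
    """Receive `count` UDP datagrams on `port` (514 needs root) and return them parsed.
    Run this on the syslog host while pinging the sensor; an empty list means nothing
    arrived within `timeout` seconds."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(timeout)
        try:
            while len(received) < count:
                data, peer = sock.recvfrom(8192)
                entry = parse_datagram(data)
                entry["peer"] = peer[0]
                received.append(entry)
        except socket.timeout:
            pass
    return received


def send_test_alert(host: str, port: int = 514, data: bytes = None) -> int:
    """Hand-send one syslog datagram from the sensor to the syslog host. If this
    shows up on the server but Snort's alerts do not, the network and syslogd are
    fine and the problem is on Snort's output side."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(data or SAMPLE_ALERT, (host, port))


# Constructed sample datagrams (assumed shape of Snort's syslog message, not a capture).
SAMPLE_ALERT = b"<33>snort: [1:501:0] ICMP {ICMP} 192.168.0.3 -> 192.168.0.10"
# Same alert but with facility LOG_USER (1*8+1 = 9): would be filed elsewhere by syslogd.
SAMPLE_WRONG_FACILITY = b"<9>snort: [1:501:0] ICMP {ICMP} 192.168.0.3 -> 192.168.0.10"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1 and sys.argv[1] == "send":          # on the sensor
        print("sent", send_test_alert(sys.argv[2]), "bytes")
    else:                                                      # on the syslog host
        for entry in listen(count=5):
            print(entry["peer"], entry["facility"], entry["severity"], entry["body"])
```

On the syslog host run the script as root (port 514), then on the sensor run `python script.py send 192.168.0.3` followed by a few pings; the listener prints each datagram with its decoded facility and severity, so a wrong facility or priority in snort.conf shows up immediately rather than vanishing into a syslogd filter.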