[Snort-users] syslog output problem

Terry td3201 at ...11827...
Thu Mar 12 09:58:32 EDT 2009


Hello,

I can't seem to get syslog and snort working well together.   Here's what I got:

commands I've tried:
/usr/sbin/snort -A fast -b -d -D -i eth1 -s -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
/usr/sbin/snort -b -d -D -i eth1 -s -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort

snort.conf:
output alert_syslog: LOG_LOCAL0 LOG_ALERT

syslog.conf:
local0.*                                                /var/log/foo.log
*.info;mail.none;authpriv.none;cron.none;local0.none    /var/log/messages

I see stuff going into /var/log/messages but that's it.  What am I missing?
