[Snort-users] help with snort output to syslog - solaris

David Lundy dlundy at ...15339...
Thu Jul 21 16:10:37 EDT 2011

I have been unsuccessful in getting snort to output to syslog.  I am trying to log locally on syslog with a view to sending syslog to a SIEM on another machine.

Operating System: Solaris 10 8/07 SPARC

Snort version:

Launching snort with the command, although I have tried other variations:

/usr/local/bin/snort -A full -s -i nxge0 -u snort -g snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort

Relevant lines from snort.conf:

# syslog
output alert_syslog: LOG_LOCAL5 LOG_ALERT

Relevant lines from syslog.conf:

# Local logs for thor
local5.info                     /var/log/snortlog

I have verified that syslog does log local5 messages using logger.  Snort seems to be working except for syslog logging.

Would appreciate help.

David Lundy

David Lundy
Assistant IT Security Officer
University of the Pacific
Stockton, CA 95211
Email: dlundy at ...15340...
Voice: 209-946-3951
Fax: 209-946-2898
