[Snort-users] help with snort output to syslog - solaris

David Lundy dlundy at ...15339...
Thu Jul 21 16:10:37 EDT 2011


I have been unsuccessful in getting snort to output to syslog.  I am trying to log locally on syslog with a view to sending syslog to a SIEM on another machine.

Operating System: Solaris 10 8/07 SPARC

Snort version:  2.9.0.5

Launching snort with the following command, although I have tried other variations:

/usr/local/bin/snort -A full -s -i nxge0 -u snort -g snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort

Relevant lines from snort.conf:

# syslog
output alert_syslog: LOG_LOCAL5 LOG_ALERT

Relevant lines from syslog.conf:

# Local logs for thor
local5.info                     /var/log/snortlog

I have verified that syslog does log local5 messages using logger.  Snort seems to be working except for syslog logging.

Would appreciate help.

David Lundy

------------------------------------------------
David Lundy
Assistant IT Security Officer
University of the Pacific
Stockton, CA 95211
Email: dlundy at ...15340...
Voice: 209-946-3951
Fax: 209-946-2898
