[Snort-users] snort not logging full output to syslog

Rajeev Sinha sinharajeev17 at ...11827...
Sun Nov 13 12:11:28 EST 2011


You mean to say that the syslog plugin of Snort itself doesn't support sending
full log messages, and that I will need to use local/DB logging if I want to
see the full alert message?

On Sun, Nov 13, 2011 at 12:01 PM, Joel Esler <jesler at ...1935...> wrote:

> Syslog doesn't output those fields.  You'd have to use something like -A
> full as an output method.
>
> J
>
> On Nov 13, 2011, at 11:42 AM, Rajeev Sinha wrote:
>
> > Hi all,
> > I am able to send snort alerts to my remote syslog server but I am not
> able to see full alert message. I am specifically interested in receiving
> XREF (CVE, bugtraq etc) field.
> >
> > I am starting syslog as-
> > snort -c /etc/snort/snort.conf
> >
> > Has anybody been able to achieve this?
> >
> > Thanks for the help,
> > Rajeev
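A worked illustration of the difference Joel points at, added here and not part of the thread: Snort's "full" alert output (what -A full, or the alert_full output plugin, writes) carries the [Xref => ...] cross references, while the syslog output does not. The Python below is example code, not Snort's own; the two alert records are constructed samples in the shape of the full output, and CVE-0000-0000 and the bid/0 link are placeholders, not real references. It parses the full-format records and flattens each one into a single line, XREFs included, of the kind one could hand to a syslog handler pointed at the remote collector. The parser only reads the header, classification, flow and Xref lines; the protocol-specific lines in between (TTL, flags, sequence numbers) are skipped.

```python
import re
from typing import Dict, List

# Constructed sample of two records in the shape Snort's "full" alert output
# writes (-A full / "output alert_full"). Rule ids, addresses, timestamps and
# cross references are made up; CVE-0000-0000 and bid/0 are placeholders.
FULL_ALERTS = """\
[**] [1:1000001:1] LOCAL example probe [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/13-12:01:02.123456 10.0.0.1:4444 -> 10.0.0.2:80
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:60 DF
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-0000-0000][Xref => http://www.securityfocus.com/bid/0]

[**] [1:1000002:1] LOCAL example scan [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/13-12:01:03.000001 10.0.0.1:4445 -> 10.0.0.2:22
TCP TTL:64 TOS:0x0 ID:2 IpLen:20 DgmLen:60 DF
"""

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
CLASS_RE = re.compile(r"\[Classification: ([^\]]*)\] \[Priority: (\d+)\]")
FLOW_RE = re.compile(r"^(\S+) (\S+) -> (\S+)$")   # "<timestamp> <src> -> <dst>"
XREF_RE = re.compile(r"\[Xref => ([^\]]+)\]")


def parse_full_alerts(text: str) -> List[Dict]:
    """Split full-format alert text into one dict per record.

    A record starts at a "[**] [gid:sid:rev] msg [**]" header; every Xref
    found on later lines of that record is collected into its "xrefs" list.
    """
    alerts: List[Dict] = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {
                "gid": int(m.group(1)), "sid": int(m.group(2)),
                "rev": int(m.group(3)), "msg": m.group(4),
                "classification": None, "priority": None,
                "timestamp": None, "src": None, "dst": None, "xrefs": [],
            }
            alerts.append(current)
            continue
        if current is None or not line.strip():
            continue                      # text before the first header, blank separators
        m = CLASS_RE.search(line)
        if m:
            current["classification"] = m.group(1)
            current["priority"] = int(m.group(2))
            continue
        m = FLOW_RE.match(line)
        if m:
            current["timestamp"], current["src"], current["dst"] = m.groups()
            continue
        # Any other line: harvest cross references if present, ignore the rest
        current["xrefs"].extend(XREF_RE.findall(line))
    return alerts


def to_syslog_message(alert: Dict) -> str:
    """Flatten one parsed alert into a single line for syslog, keeping the
    cross references that the stock syslog output leaves out."""
    parts = [
        f"[{alert['gid']}:{alert['sid']}:{alert['rev']}] {alert['msg']}",
        f"[Classification: {alert['classification']}] [Priority: {alert['priority']}]",
        f"{alert['src']} -> {alert['dst']}",
    ]
    parts.extend(f"[Xref => {ref}]" for ref in alert["xrefs"])
    return " ".join(parts)


if __name__ == "__main__":
    import logging
    import logging.handlers

    # 127.0.0.1 stands in for the remote syslog collector (placeholder address)
    handler = logging.handlers.SysLogHandler(address=("127.0.0.1", 514))
    log = logging.getLogger("snort-xref")
    log.addHandler(handler)
    for alert in parse_full_alerts(FULL_ALERTS):
        line = to_syslog_message(alert)
        print(line)
        log.warning(line)
```

Running the module on a real alert file written with -A full would mean reading that file instead of FULL_ALERTS; everything else stays the same. The output line for the first sample record ends with both Xref entries, which is exactly the part missing from the one-line syslog output the thread is about.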