[Snort-users] syslog

Andrea Venturoli ml at ...12839...
Wed Jun 6 09:20:38 EDT 2012


I've got a (little) problem with syslog (on various versions of FreeBSD)...

_ In /usr/local/etc/snort/snort.conf I have:
> output alert_syslog: LOG_SECURITY LOG_ALERT

_ in /etc/syslog.conf:
> security.*                                      /var/log/security
> auth.info                                       /var/log/auth.log

Yet all snort message go to /var/log/auth.log, not /var/log/security.

Am I doing something wrong?
Should I put something else in snort.conf?

  bye & Thanks

More information about the Snort-users mailing list