[Snort-users] syslog

Andrea Venturoli ml at ...12839...
Mon Jun 11 05:47:32 EDT 2012


On 06/06/12 15:58, Jarrett Carver wrote:
> Andrea,
>
> I don't believe LOG_SECURITY is a valid facility to use in the output
> alert_syslog. If you look in
> ~/snort-2.9.2.3/src/output-plugins/spo_alert_syslog.c you will see that
> only the following facility keywords are available to the syslog output:
>
>      log_auth
>      log_authpriv
>      log_daemon
>      log_local0
>      log_local1
>      log_local2
>      log_local3
>      log_local4
>      log_local5
>      log_local6
>      log_local7
>      log_user
>
>
> I would recommend changing the facility in your snort.conf

Thanks, I did and now I got what I wanted.

Though I'm wondering why LOG_SECURITY is not there, if it could be added 
and whether I should have seen an error, instead of a silent failure...

  bye & Thanks
	av.
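
As an added example (not part of the original message and not Snort's own code): a small Python check that scans a snort.conf for `output alert_syslog` lines and reports keywords the plugin would not recognize, so an unsupported facility such as LOG_SECURITY is caught before it is silently ignored. The facility list is the one quoted above; the priority and option keywords are taken from the Snort 2.9 manual, case-insensitive matching is an assumption, and the sample configuration is constructed.

```python
import re

# Facility keywords exactly as listed in the quoted reply above.
FACILITIES = {"log_auth", "log_authpriv", "log_daemon", "log_user",
              *(f"log_local{i}" for i in range(8))}
# Priority and option keywords: from the Snort 2.9 manual, not from this thread.
PRIORITIES = {"log_emerg", "log_alert", "log_crit", "log_err",
              "log_warning", "log_notice", "log_info", "log_debug"}
OPTIONS = {"log_cons", "log_ndelay", "log_perror", "log_pid"}
KNOWN = FACILITIES | PRIORITIES | OPTIONS

OUTPUT_RE = re.compile(r"output\s+alert_syslog\b\s*:?\s*(.*)$", re.IGNORECASE)


def lint_alert_syslog(conf_text):
    """Return [(line_number, keyword)] for unrecognized alert_syslog keywords."""
    findings = []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        match = OUTPUT_RE.match(line)
        if not match:
            continue
        # Keywords may be separated by spaces, '|' or ','.
        tokens = [t.lower() for t in re.split(r"[\s|,]+", match.group(1)) if t]
        for token in tokens:
            if token.startswith("host="):     # remote syslog target, not a keyword
                continue
            if token not in KNOWN:            # assumption: matching ignores case
                findings.append((number, token))
    return findings


# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
# syslog outputs
output alert_syslog: LOG_SECURITY LOG_ALERT
output alert_syslog: LOG_LOCAL4 LOG_ALERT
output alert_syslog: host=192.0.2.10:514, log_authpriv | log_warning
# output alert_syslog: LOG_FOO
output unified2: filename snort.log
"""

if __name__ == "__main__":
    for number, keyword in lint_alert_syslog(SAMPLE_CONF):
        print(f"line {number}: unrecognized alert_syslog keyword {keyword!r}")
```
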



