[Snort-users] logging to syslog

Benjamin Lincoln BLincoln at ...15832...
Wed Sep 19 11:51:44 EDT 2012


I've been having problems with the newest version of snort 2.9.3.1 not sending syslog information to our server.
I've configured snort to install using the command snort -c c:\snort\etc\snort.conf -l c:\snort\log -i1 -K ascii -s and set the syslog server's IP address in the snort.conf file. I've create a test rule to alert on any IP traffic, and can see the logs generate in the log folder, but it doesn't send to the remote syslog server. I've also tested sending the syslogs to kiwi on the local snort server and that works fine. This was working with an older version of snort. Is there any changes in the new version of snort that needs to be configured to send to syslog?

Benjamin Lincoln
IT Security Analyst Support
Banner Bank
Internal Ext. 53274
(509)524-5931


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120919/c40468b0/attachment.html>


More information about the Snort-users mailing list