[Snort-users] Unrecognised syslog facility/priority in snort

Mayur Patil ram.nath241089 at ...11827...
Wed Sep 4 06:27:44 EDT 2013


Hello Pravin,

     I have not set up a MySQL database for Snort; does that cause the unrecognized
syslog facility

     as with Barnyard2 ??

     please guide !

     Thanks !


On Fri, Aug 2, 2013 at 12:17 PM, praveen_recker .
<praveen_recker at ...4543...>wrote:

> Check if a firewall is running on any of the machines... turn it off.
> Try to telnet/nc to the port, from the Snort machine to the syslog server
> port; it should be successful.
>
> -Praveen
>
>
> On Fri, Aug 2, 2013 at 10:42 AM, Mayur Patil <ram.nath241089 at ...11827...>wrote:
>
>> Hello Pravin,
>>
>>    I have tried your steps. I am getting Snort logs on the remote rSyslog
>> server only when Snort restarts.
>>
>>   The problems I am facing are:
>>
>>    1. I am not getting alert logs on the remote rSyslog server.
>>    2. When I tried the command
>>
>>    snort -c /etc/snort/snort.conf -i eth0
>>
>>          Snort is able to start in NIDS mode
>>
>>         but it still gives the error of unrecognised syslog facility host:
>> ip:port
>>
>>     What am I doing wrong ??
>>
>>     Please guide, Thanks !
>>
>> *--
>> Cheers,
>> Mayur*.
>>
>>
>> On Fri, Aug 2, 2013 at 1:05 AM, praveen_recker . <praveen_recker at ...4543...
>> > wrote:
>>
>>> Hi Mayur,
>>>
>>> Try to follow steps given in below link.
>>>
>>> http://darshanams.blogspot.in/2011/05/snort-logging-alerts-to-syslog-server.html
>>>
>>> Best Regards,
>>> Praveen darshanam
>>>
>>>
>>> On Thu, Aug 1, 2013 at 4:04 PM, Mayur Patil <ram.nath241089 at ...11827...>wrote:
>>>
>>>> Hello,
>>>>
>>>>     I have done a lot of googling but found posts mostly regarding Barnyard,
>>>> not specific to Snort.
>>>>
>>>>     I also tried various blog posts for remote rSyslog export but am
>>>> not getting an answer for this.
>>>>
>>>>     I set the log export settings as per the Snort manual
>>>>
>>>>     output alert_syslog: host=10.1.1.1:514, <facility> <priority>
>>>> <options>
>>>>
>>>>     So, in snort.conf file
>>>>
>>>>     #syslog
>>>>
>>>>     output alert_syslog: host=ip:port, LOG_AUTH LOG_ALERT
>>>>
>>>>     it gives an error of unrecognised facility when I run Snort in NIDS
>>>> mode.
>>>>
>>>>     But it does not give an error for
>>>>
>>>>     output alert_syslog: LOG_AUTH LOG_ALERT
>>>>
>>>>     What is going wrong ?
>>>>
>>>>     Please guide.
>>>>
>>>>     Thanks !!
>>>>
>>>>
>>>> P.S. :  Snort.conf file :  http://pastebin.com/dkMRrfxp
>>>> --
>>>>
>>>
>


-- 
*Yours Sincerely,
Mayur* S. Patil,
ME COMP ENGG,
MITCOE,
Pune.

Contact :
* * <https://www.facebook.com/mayurram>  <https://twitter.com/RamMayur>
<https://plus.google.com/u/0/107426396312814346345/about>
<http://in.linkedin.com/pub/mayur-patil/35/154/b8b/>
<http://stackoverflow.com/users/1528044/rammayur> *
<https://myspace.com/mayurram>* <https://github.com/ramlaxman>
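
Added example, not part of the original thread or the Snort project's code: a small Python check for the `output alert_syslog` lines quoted above that reports which token triggers the unrecognised facility/priority error. It assumes the keyword lists from the Snort 2.x manual and that manual's note that `host=` is an option for Windows builds; `check_alert_syslog`, `SAMPLE_CONF` and the `LOG_LOCAL9` line are constructed for illustration.

```python
import re

# Keyword lists for alert_syslog as given in the Snort 2.x manual.
FACILITIES = {"LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER"} | {
    f"LOG_LOCAL{n}" for n in range(8)}
PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
              "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}
OPTIONS = {"LOG_CONS", "LOG_NDELAY", "LOG_PERROR", "LOG_PID"}
KNOWN = FACILITIES | PRIORITIES | OPTIONS

DIRECTIVE = re.compile(r"^\s*output\s+alert_syslog\s*:?\s*(.*)$", re.IGNORECASE)

# Constructed sample based on the directives quoted in the thread.
SAMPLE_CONF = """\
#syslog
output alert_syslog: host=10.1.1.1:514, LOG_AUTH LOG_ALERT
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_syslog: LOG_LOCAL9 LOG_ALERT
"""


def check_alert_syslog(conf_text, windows_build=False):
    """Return (line_no, token, reason) for each token the directive would reject."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        match = DIRECTIVE.match(raw.split("#", 1)[0])  # ignore comments
        if not match:
            continue
        for token in filter(None, re.split(r"[,\s|]+", match.group(1))):
            if token.upper() in KNOWN:
                continue
            if token.lower().startswith("host="):
                if windows_build:
                    continue  # assumption: host= is honoured on Windows builds only
                reason = "host= not parsed on this build; log locally and forward via the syslog daemon"
            else:
                reason = "not a known facility, priority or option"
            findings.append((line_no, token, reason))
    return findings


if __name__ == "__main__":
    for line_no, token, reason in check_alert_syslog(SAMPLE_CONF):
        print(f"line {line_no}: {token}: {reason}")
```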