[Snort-users] Unrecognised syslog facility/priority in snort

praveen_recker . praveen_recker at ...4543...
Wed Sep 4 10:21:45 EDT 2013


I don't think syslog is in any way dependent on MySQL.
There might be some issue in the syslog configuration, like missing ports,
IPs, protocols, etc.

Best Regards,
Praveen Darshanam


On Wed, Sep 4, 2013 at 3:57 PM, Mayur Patil <ram.nath241089 at ...11827...> wrote:

> Hello Pravin,
>
>      I have not set up a MySQL database for Snort; is that causing the
> unrecognized syslog facility, as with Barnyard2?
>
>      please guide !
>
>      Thanks !
>
>
> On Fri, Aug 2, 2013 at 12:17 PM, praveen_recker . <praveen_recker at ...4543...> wrote:
>
>> Check if a firewall is running on any of the machines... turn it off.
>> Try to telnet/nc to the port... from the Snort machine to the syslog server
>> port; it should be successful.
>>
>> -Praveen
>>
>>
>> On Fri, Aug 2, 2013 at 10:42 AM, Mayur Patil <ram.nath241089 at ...11827...> wrote:
>>
>>> Hello Pravin,
>>>
>>>    I have tried your steps. I am getting Snort logs on the remote
>>>    rsyslog server only when Snort restarts.
>>>
>>>   The problems I am facing are:
>>>
>>>    1. I am not getting logs of alert on remote rSyslog server.
>>>    2. When I tried command
>>>
>>>    snort -c /etc/snort/snort.conf -i eth0
>>>
>>>          snort is able to start in NIDS mode
>>>
>>>         but it still gives error of unrecognised syslog facility host:
>>> ip:port
>>>
>>>     What am I doing wrong ??
>>>
>>>     Please guide, Thanks !
>>>
>>> *--
>>> Cheers,
>>> Mayur*.
>>>
>>>
>>> On Fri, Aug 2, 2013 at 1:05 AM, praveen_recker . <
>>> praveen_recker at ...4543...> wrote:
>>>
>>>> Hi Mayur,
>>>>
>>>> Try to follow steps given in below link.
>>>>
>>>> http://darshanams.blogspot.in/2011/05/snort-logging-alerts-to-syslog-server.html
>>>>
>>>> Best Regards,
>>>> Praveen darshanam
>>>>
>>>>
>>>> On Thu, Aug 1, 2013 at 4:04 PM, Mayur Patil <ram.nath241089 at ...11827...> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>>     I have done a lot of Googling but found posts mostly regarding
>>>>> Barnyard, not specific to Snort.
>>>>>
>>>>>     I also tried various blog posts on remote rsyslog export but am
>>>>> not getting an answer for this.
>>>>>
>>>>>     I set logs exportation settings as per manual of snort
>>>>>
>>>>>     output alert_syslog: host=10.1.1.1:514, <facility> <priority> <options>
>>>>>
>>>>>     So, in snort.conf file
>>>>>
>>>>>     #syslog
>>>>>
>>>>>     output alert_syslog: host=ip:port, LOG_AUTH LOG_ALERT
>>>>>
>>>>>     it gives error of unrecognised facility when I run snort in NIDS
>>>>> mode.
>>>>>
>>>>>     But it does not give error for
>>>>>
>>>>>     output alert_syslog: LOG_AUTH LOG_ALERT
>>>>>
>>>>>     What is going wrong ?
>>>>>
>>>>>     Please guide.
>>>>>
>>>>>     Thanks !!
>>>>>
>>>>>
>>>>> P.S. :  Snort.conf file :  http://pastebin.com/dkMRrfxp
>>>>> --
>>>>>
>>>>
>>
>
>
> --
> *Yours Sincerely,
> Mayur* S. Patil,
> ME COMP ENGG,
> MITCOE,
> Pune.
>
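
The two directives quoted in the thread, run through a small linter. This is an added example, not part of any message above and not Snort's own code; it assumes a non-Windows Snort 2.x build where `host=` is not parsed (the manual describes `host=` for WIN32), assumes tokens are split on whitespace, commas and pipes, and `lint_alert_syslog` and `SAMPLE` are hypothetical names.

```python
import re

# Keyword sets as listed for alert_syslog in the Snort 2.x manual.
FACILITIES = {"LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER",
              *(f"LOG_LOCAL{n}" for n in range(8))}
PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
              "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}
OPTIONS = {"LOG_CONS", "LOG_NDELAY", "LOG_PERROR", "LOG_PID"}
KNOWN = FACILITIES | PRIORITIES | OPTIONS

DIRECTIVE = re.compile(r"^\s*output\s+alert_syslog\s*:?\s*(.*)$", re.I)

def lint_alert_syslog(conf_text, win32=False):
    """Return (line_no, token, reason) for each token that is not recognised.

    Assumption: host= is accepted only when win32 is True (Windows builds);
    elsewhere it falls through to the facility/priority keyword match.
    """
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line.split("#", 1)[0])  # drop comments first
        if not m:
            continue
        for tok in re.split(r"[\s,|]+", m.group(1).strip()):
            if not tok or tok.upper() in KNOWN:
                continue
            if tok.lower().startswith("host="):
                if win32:
                    continue
                reason = "host= not accepted on this build; forward via the local syslog daemon"
            else:
                reason = "unknown facility/priority/option keyword"
            findings.append((no, tok, reason))
    return findings

# Constructed sample: the two directives quoted in the thread.
SAMPLE = """\
#syslog
output alert_syslog: host=10.1.1.1:514, LOG_AUTH LOG_ALERT
output alert_syslog: LOG_AUTH LOG_ALERT
"""

if __name__ == "__main__":
    for no, tok, reason in lint_alert_syslog(SAMPLE):
        print(f"snort.conf:{no}: {tok!r}: {reason}")
```

Under that assumption the working setup keeps `output alert_syslog: LOG_AUTH LOG_ALERT` in snort.conf and lets the local rsyslog forward the messages, for example with a rule such as `auth.alert @10.1.1.1:514`.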