[Snort-users] Unrecognised syslog facility/priority in snort

praveen_recker . praveen_recker at ...4543...
Fri Sep 6 11:43:46 EDT 2013


Hi Mayur,

On the Snort (172.20.54.211) setup, modify the syslog configuration file
    /etc/rsyslog.conf
by adding the line
    *.*    @172.20.54.213:514

I am not sure what the use of "172.20.54.212 - other client" is.
Your Snort (172.20.54.211) setup will act as the client, and the machine with
syslog acts as the server (172.20.54.213).

Best Regards,
Praveen Darshanam


On Fri, Sep 6, 2013 at 12:33 PM, Mayur Patil <ram.nath241089 at ...11827...> wrote:

> Hi Pravin,
>
> I am attaching the output of the following files:
>
>   [1] rsyslog.conf of client machine: http://fpaste.org/37490/
>   [2] rsyslog.conf of server machine: http://fpaste.org/37491/
>   [3] snort.conf: http://fpaste.org/37493/
>
> I am stuck on this issue. Please help!!
>
> I am getting snort.log files on the remote server when I restart Snort,
> but I am unable to get the "alert" log files, which are the most important part.
>
>   172.20.54.211 - snort machine
>   172.20.54.212 - other client
>   172.20.54.213 - server machine
>
> Thanks!
>
> --
> Cheers,
> Mayur
>
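
The client/server roles described in this thread, written out as configuration. This is an added example, not taken from either poster's files: the `alert_syslog` facility and priority, the legacy rsyslog UDP listener directives and the server-side file name are assumptions.

```conf
# --- Snort machine (172.20.54.211): snort.conf ---
# Assumption: alerts are handed to the local syslog daemon through Snort's
# alert_syslog output plugin, using facility auth and priority alert.
output alert_syslog: LOG_AUTH LOG_ALERT

# --- Snort machine (172.20.54.211): /etc/rsyslog.conf ---
# Forward every facility and priority to the server.
# A single @ forwards over UDP; @@ would forward over TCP.
*.*    @172.20.54.213:514

# --- Server (172.20.54.213): /etc/rsyslog.conf ---
# The server has to listen on the same protocol and port the client sends to.
$ModLoad imudp
$UDPServerRun 514
# Assumption: Snort alerts arrive with facility auth (matches LOG_AUTH above).
# The file name is a placeholder.
auth.*    /var/log/snort-alerts.log
```

Restart rsyslog on both machines and Snort on the client after changing these files, so that the forwarding rule and the listener are both active before alerts are generated.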