[Snort-users] About syslog messages in snort

C. L. Martinez carlopmart at ...11827...
Fri Nov 21 02:34:31 EST 2014


Hi all

 I have installed two snort instances in one host (both are snort
2.9.7.0). One snort instance has so_rules only and the other instance
the rest of the rules.

 Ok. I need to differentiate syslog messages between these snort
processes using, for example, a specific entry like "snort_so-sensor1"
or "snort-sensor2" and, if it is possible, redirect all snort's syslog
entries to a different log file.

 Exists some option when snort starts or inside conf file to do this??

 I don't see anything about this in snort docs.

 Thanks.




More information about the Snort-users mailing list