[Snort-users] About syslog messages in snort

Robert Millott robm at ...16885...
Fri Nov 21 08:22:38 EST 2014

Check out the -G option for starting snort.

Also google it. I had some problems with it a few months back, but finally
got it figured out. I think I posted the results, but if you need some more
help, I can share what I've done.

On Fri, Nov 21, 2014 at 2:34 AM, C. L. Martinez <carlopmart at ...11827...>

> Hi all
>  I have installed two snort instances in one host (both are snort
> One snort instance has so_rules only and the other instance
> the rest of the rules.
>  Ok. I need to differentiate syslog messages between these snort
> processes using, for example, a specific entry like "snort_so-sensor1"
> or "snort-sensor2" and, if it is possible, redirect all snort's syslog
> entries to a different log file.
>  Exists some option when snort starts or inside conf file to do this??
>  I don't see anything about this in snort docs.
>  Thanks.
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!

Robert Millott
President, Millott and Associates
(443) 255-3588
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141121/401bda33/attachment.html>

More information about the Snort-users mailing list