[Snort-users] About syslog messages in snort

C. L. Martinez carlopmart at ...11827...
Fri Nov 21 08:47:29 EST 2014


Thanks Robert, but according to snort's docs, the -G flag is for the eventid
generated by one sensor ... Right??

On Fri, Nov 21, 2014 at 1:22 PM, Robert Millott
<robm at ...16885...> wrote:
> Check out the -G option for starting snort.
>
> Also google it. I had some problems with it a few months back, but finally
> got it figured out. I think I posted the results, but if you need some more
> help, I can share what I've done.
>
> On Fri, Nov 21, 2014 at 2:34 AM, C. L. Martinez <carlopmart at ...11827...>
> wrote:
>>
>> Hi all
>>
>>  I have installed two snort instances in one host (both are snort
>> 2.9.7.0). One snort instance has so_rules only and the other instance
>> the rest of the rules.
>>
>>  Ok. I need to differentiate syslog messages between these snort
>> processes using, for example, a specific entry like "snort_so-sensor1"
>> or "snort-sensor2" and, if it is possible, redirect all snort's syslog
>> entries to a different log file.
>>
>>  Is there some option when snort starts or inside the conf file to do this??
>>
>>  I don't see anything about this in snort docs.
>>
>>  Thanks.
>>
>
> --
> Robert Millott
> President, Millott and Associates
> (443) 255-3588



