[Snort-users] Sending syslog alerts from Snort on ArchLinux on RPI b+

Y M snort at ...15979...
Mon Mar 23 15:23:15 EDT 2015


How is the syslog configuration line formatted? Trying something like:
output alert_syslog: host=<Syslog.IP.Addr:PORT>, <log_facility> <log_severity>
Also, make sure that the syslog receiver is actually getting the syslog packets. Hope this helps.
Date: Mon, 23 Mar 2015 18:45:25 +0000
From: bg31bf at ...17126...
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Sending syslog alerts from Snort on ArchLinux on RPI b+

Hi,
I'm issuing the command snort -d -h 192.168.1.0/24 -c /etc/snort/snort.conf -s, and on the syslog server I have Syslog Watcher 4.7.4 on Windows 7. Then I set up a rule in the rules.conf file to alert on ICMP packets. When I ping from the Windows machine to the Raspberry Pi, the ICMP traffic is reported within the console if Snort is run with the -A console option. But when the -s option is selected, it doesn't send alerts to the syslog server. I did configure the snort.conf in the syslog section with the IP address and port 514 of the syslog server; still no dice.

Am I missing something? 
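
Added example (not part of the thread): a small UDP listener that can stand in for the syslog server to check whether any datagram from the sensor arrives, and which facility and severity it carries. The function names and the sample alert line are constructed for illustration; the sample assumes an auth/alert priority.

```python
import re
import socket

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)

# Constructed sample datagram (not captured traffic): PRI 33 = auth(4)*8 + alert(1).
SAMPLE = b"<33>snort[1234]: [1:1000001:1] ICMP test {ICMP} 192.168.1.10 -> 192.168.1.20\n"


def decode_syslog(datagram):
    """Return (facility, severity, text) for a BSD-syslog datagram, or None if <PRI> is invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:   # 191 = facility 23, severity 7
        return None
    pri = int(m.group(1))
    text = m.group(2).decode("utf-8", "replace").strip()
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text


def open_listener(bind_addr="0.0.0.0", port=514):
    """Bind a UDP socket; port 514 needs elevated privileges on most Unix systems."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    return sock


def wait_for_message(sock, timeout=30.0):
    """Return (sender_ip, decoded_message) for the next datagram, or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, (sender, _port) = sock.recvfrom(8192)
    except socket.timeout:
        return None
    return sender, decode_syslog(data)


if __name__ == "__main__":
    listener = open_listener()
    print("waiting for syslog datagrams on udp/514 ...")
    while True:
        got = wait_for_message(listener)
        print(got if got else "nothing in 30 s: check sensor config, routing, firewall")
```

Stop the existing syslog server before running this on the same host, since only one process can bind UDP port 514. If nothing arrives while pings trigger console alerts on the sensor, the problem is on the sending side or in between, not in the receiver.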

