Thu Nov 23 16:36:19 EST 2017
-s Log alert messages to syslog
Still works as it did. Check and see where your syslog.conf is logging
the auth.info facility to.
> Can I still do this? Alternatively, does anyone have a simple script for
> quickly viewing alerts from /var/log/snort or from alert_fast? I don't
> get enough traffic to warrant an elaborate setup.
tail -f /var/log/snort/alert
Can't get too much simpler than that! ;-) Seriously, that may work for
you, or you might want something a bit more. Check out the report generators
on the Snort website--There's about 5 or so in the contrib download
"When things get weird, the weird turn pro." H.S. Thompson
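
A small viewer for the fast alert file discussed in this thread, added here as an example and not part of the original message or of the Snort distribution. It parses lines in Snort's fast alert layout and prints one row per rule, highest priority first; the sample lines, rule ids and addresses are constructed.

```python
import re
import sys
from collections import Counter

# Constructed sample lines in the fast alert layout (documentation address ranges).
SAMPLE = """\
11/23-16:30:01.100000  [**] [1:1000001:1] ICMP test ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
11/23-16:30:02.200000  [**] [1:1000002:2] WEB test probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40112 -> 198.51.100.5:80
11/23-16:30:05.300000  [**] [1:1000001:1] ICMP test ping [**] [Priority: 3] {ICMP} 192.0.2.77 -> 198.51.100.5
this line is not an alert
"""

# timestamp [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {proto} src -> dst
FAST = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_line(line):
    """Return a dict of fields for one alert line, or None if it does not match."""
    m = FAST.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["prio"] = int(rec["prio"])
    return rec

def summarize(lines):
    """Count alerts per gid:sid; return (rows sorted by priority then count, skipped)."""
    counts, info, skipped = Counter(), {}, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += bool(line.strip())  # blank lines are not counted as skipped
            continue
        key = f'{rec["gid"]}:{rec["sid"]}'
        counts[key] += 1
        info[key] = (rec["prio"], rec["msg"])
    rows = [(info[k][0], n, k, info[k][1]) for k, n in counts.items()]
    return sorted(rows, key=lambda r: (r[0], -r[1])), skipped

if __name__ == "__main__":
    # Usage: script.py /var/log/snort/alert  (no argument: run on the sample)
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    rows, skipped = summarize(src)
    for prio, n, key, msg in rows:
        print(f"prio={prio} count={n:<5} [{key}] {msg}")
    print(f"{skipped} unparsed line(s)")
```

A non-zero unparsed count usually means the file was written by a different output mode than fast alerts, so check which alert mode Snort is running with before trusting the summary.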