No subject


Thu Nov 23 16:36:19 EST 2017


[...]
        -s         Log alert messages to syslog
[...]

Still works as it did.  Check and see where your syslog.conf is logging
the auth.info facility to.

> Can I still do this? Alternatively, does anyone have a simple script for
> quickly viewing alerts from /var/log/snort or from alert_fast? I don't
> get enough traffic to warrant an elaborate setup.

Sure!

	tail -f /var/log/snort/alert

Can't get too much simpler than that! ;-)  Seriously, that may work for
you, or you might want something a bit more.  Check out the report generators
on the Snort website--there's about 5 or so in the contrib download
section.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
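
For something a step beyond `tail -f`, here is an added example (not part of the original message and not one of the Snort contrib report generators) that parses alert_fast lines and counts alerts per signature, most severe priority first. The sample lines, addresses and SIDs are constructed, and the log path is whatever you pass on the command line.

```python
import re
from collections import Counter

# Constructed sample lines in Snort's alert_fast layout (not real traffic).
SAMPLE = """\
11/23-16:30:01.123456  [**] [1:1000001:1] ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.1
11/23-16:30:05.654321  [**] [1:1000002:2] Inbound telnet attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.7:40112 -> 192.0.2.1:23
11/23-16:31:12.000100  [**] [1:1000001:1] ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.1
11/23-16:31:40.500000  [**] [1:1000003:1] Rule without classtype [**] [Priority: 2] {UDP} 203.0.113.9:5353 -> 192.0.2.1:53
this line is truncated and must be skipped
"""

# timestamp [**] [gid:sid:rev] msg [**] [Classification: ..]? [Priority: n] {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"   # absent when the rule has no classtype
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_alerts(lines):
    """Yield one dict per well-formed alert line; skip anything else."""
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if m:
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            yield alert

def summarize(lines):
    """Return [(count, prio, 'gid:sid:rev', msg)], lowest priority number first."""
    counts = Counter()
    for a in parse_alerts(lines):
        counts[(a["prio"], f'{a["gid"]}:{a["sid"]}:{a["rev"]}', a["msg"])] += 1
    rows = [(n, p, sig, msg) for (p, sig, msg), n in counts.items()]
    # Priority 1 is the most severe; break ties by how often the rule fired.
    return sorted(rows, key=lambda r: (r[1], -r[0]))

if __name__ == "__main__":
    import sys
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    for n, p, sig, msg in summarize(src):
        print(f"{n:6d}  prio={p}  [{sig}]  {msg}")
```

Run it with the alert file as the only argument (for example the `/var/log/snort/alert` file mentioned above); with no argument it summarizes the embedded sample.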




More information about the Snort-users mailing list