[Snort-users] Snort+ and logging
andy.swartzbaugh at gmail.com
Thu Sep 20 12:48:07 EDT 2018
1) My understanding is that Barnyard was a remedy to cope with Snort2's
single-processor (i.e., not multi-processing) design and that Snort3 should
be able to handle logging without needing another process to handle the
snort --pcap-dir /path/to/pcap/dir --pcap-filter '*.pcap' -L dump -l
from www.snort.org/downloads/snortplus/snort_manual.html#_alert_syslog :
This must be done in snort.lua as opposed to the command line:
alert_syslog = {
    facility = 'local3',
    level = 'info',
}
If you wanted to send the logs to another server, that would be handled
within rsyslogd (I use Ubuntu). Create a file named
"/etc/rsyslog.d/10-snort.conf" : (the lower the number, the higher the
and put the following line in it:
On Thu, Sep 20, 2018 at 8:52 AM Meridoff via Snort-users <
snort-users at lists.snort.org> wrote:
> Hello, I've heard that barnyard2 is out of date for snort3.
> Though it can be used.
> 1. What are the alternative (to barnyard2) ways for logging snort3 alerts
> to remote databases or remote syslog etc.? Maybe it will be included in
> snort3 project in future?
> 2. Small question - snort3 itself writes its own log to syslog (-M option).
> What are the ways to specify internal daemon logging methods: to file or
> syslog LEVEL or something other? I found nothing concerning this in config
> Thanks for response
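An added example, not part of the original thread: a check that can be run on the receiving log server to confirm that forwarded Snort records really carry the local3 facility and info level named in the reply, by decoding the syslog PRI value (facility * 8 + severity, so local3.info is 158). The sample lines are constructed and assume the classic `<PRI>timestamp host tag: message` syslog layout; the function names are hypothetical.

```python
import re

# Syslog facility and severity names indexed by numeric code (RFC 5424, 6.2.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(line):
    """Return (facility, severity, rest) for a syslog line, or None if the PRI is missing or invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value is local7.debug = 23 * 8 + 7
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], m.group(2)


def select(lines, facility="local3", level="info"):
    """Keep only the messages that arrived with the expected facility and level."""
    kept = []
    for line in lines:
        decoded = decode_pri(line)
        if decoded and decoded[0] == facility and decoded[1] == level:
            kept.append(decoded[2])
    return kept


# Constructed sample records (not real Snort output).
SAMPLE = [
    "<158>Sep 20 12:48:07 sensor snort: [1:1000001:1] constructed test alert",
    "<30>Sep 20 12:48:08 sensor systemd[1]: Started constructed unit.",
    "<155>Sep 20 12:48:09 sensor snort: constructed message at the wrong level",
    "no priority header at all",
    "<999>out-of-range priority",
]

if __name__ == "__main__":
    for message in select(SAMPLE):
        print(message)
```

If alerts show up under a different facility or level than configured, the mismatch is visible here before any filter on the collector silently drops them.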