You are using -b and -A on the command line.  Command line options override snort.conf options.<div><br></div><div>J<br><br><div class="gmail_quote">On Thu, Mar 12, 2009 at 9:58 AM, Terry <span dir="ltr">&lt;<a href="mailto:td3201@...11827...">td3201@...11827...</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hello,<br>
<br>
I can't seem to get syslog and snort working well together.   Here's what I got:<br>
<br>
commands I've tried:<br>
/usr/sbin/snort -A fast -b -d -D -i eth1 -s -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort<br>
/usr/sbin/snort -b -d -D -i eth1 -s -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort<br>
<br>
snort.conf:<br>
output alert_syslog: LOG_LOCAL0 LOG_ALERT<br>
<br>
syslog.conf:<br>
local0.*<br>
     /var/log/foo.log<br>
*.info;mail.none;authpriv.none;cron.none;local0.none    /var/log/messages<br>
<br>
I see stuff going into /var/log/messages but that's it.  What am I missing?<br>
<br>
_______________________________________________<br>
Snort-users mailing list<br>
</blockquote></div><br><br clear="all"><br>-- <br>Joel Esler<br>T: 302-223-5974 (-) Gtalk: <a href="mailto:jesler@...1935...">jesler@...1935...</a><br>[m]<br>
</div>
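The override described in the reply, as an added example that is not part of the original thread or of Snort itself: a shell check that lists the active `output` directives in a snort.conf and reports when a command line carries `-A` or `-b`. The function names, the `OVERRIDE_FLAGS` list and the second demo command line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report snort.conf "output" directives
# that a Snort command line would override. OVERRIDE_FLAGS lists only the two
# options named in the reply above.
OVERRIDE_FLAGS="-A -b"

# Print every active (uncommented) "output" directive in a snort.conf.
conf_outputs() {
    sed -n 's/^[[:space:]]*\(output[[:space:]].*\)$/\1/p' "$1"
}

# Print each override flag found in a command line, one per line.
# Assumption: flags are written separately (-b -d), not bundled (-bd).
cmdline_overrides() {
    set -f                      # no globbing while word-splitting $1
    for word in $1; do
        for flag in $OVERRIDE_FLAGS; do
            [ "$word" = "$flag" ] && printf '%s\n' "$flag"
        done
    done
    set +f
}

# Exit 0 and print a report when the command line overrides the conf's
# output directives; exit 1 when there is no conflict.
check_snort_outputs() {
    outputs=$(conf_outputs "$2")
    flags=$(cmdline_overrides "$1" | LC_ALL=C sort -u | paste -sd' ' -)
    [ -n "$outputs" ] && [ -n "$flags" ] || return 1
    printf 'overriding flags: %s\n' "$flags"
    printf '%s\n' "$outputs" | sed 's/^/overridden: /'
}

# Demo: the snort.conf line and first command from the post, plus one
# constructed command line without -A or -b.
demo_conf=$(mktemp)
printf '%s\n' 'output alert_syslog: LOG_LOCAL0 LOG_ALERT' > "$demo_conf"
check_snort_outputs "/usr/sbin/snort -A fast -b -d -D -i eth1 -s -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort" "$demo_conf"
check_snort_outputs "/usr/sbin/snort -d -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort" "$demo_conf" \
    || echo "no conflict: snort.conf output directives apply"
rm -f "$demo_conf"
```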