<table cellspacing="0" cellpadding="0" border="0"><tr><td valign="top" style="font: inherit;"><p>Hi Lincoln,<br>
Can you try with disabled cksum like '-k none' ?<br>
Regards<br>
Rmkml<br>
</p>
</td></tr></table>            <div id="_origMsg_">
                <div style="font-family:arial, helvetica, sans-serif:font-size:10pt">
                    <br />
                    <div style="font-family:times new roman, new york, times, serif;font-size:12pt">
                        <font size="2" face="Tahoma">
                            <hr size="1">
                            <b>
                                <span style="font-weight:bold;">From:</span>
                            </b>
                            Benjamin Lincoln <BLincoln@...15832...>;                            <br>
                            <b>
                                <span style="font-weight:bold:">To:</span>
                            </b>
                            snort-users@lists.sourceforge.net <snort-users@lists.sourceforge.net>;                                                                                                     <br>
                            <b>
                                <span style="font-weight:bold:">Subject:</span>
                            </b>
                            Re: [Snort-users] logging to syslog                            <br>
                            <b>
                                <span style="font-weight:bold;">Sent:</span>
                            </b>
                            Wed, Sep 19, 2012 5:26:39 PM                            <br>
                            </font>
                            <br>
                            <table cellspacing="0" cellpadding="0" border="0">
                                <tbody>
                                    <tr>
                                        <td valign="top" style="font:inherit;"><div class="WordSection1"><p class="MsoNormal"><span style='color:#1F497D;'>I’ve tried removing –K ascii from the run line, still no information is making  it to the Syslog server.</span></p><p class="MsoNormal"><span style='color:#1F497D;'>  </span></p><div><p class="MsoNormal"><span style='color:#1F497D;'>Ben Lincoln</span></p><p class="MsoNormal"><span style='color:#1F497D;'>Internal Ext. 53274</span></p><p class="MsoNormal"><span style='color:#1F497D;'>(509)524-5931</span></p></div><p class="MsoNormal"><span style='color:#1F497D;'>  </span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in;'><p class="MsoNormal"><b><span style='font-size:10.0pt;font-family:"Tahoma", "sans-serif";'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma", "sans-serif";'> Michael Steele [mailto:michaels@...9077...]
 <br><b>Sent:</b> Wednesday, September 19, 2012 10:05 AM<br><b>To:</b> Benjamin Lincoln; snort-users@lists.sourceforge.net<br><b>Subject:</b> RE: [Snort-users] logging to syslog</span></p></div></div><p class="MsoNormal">  </p><p class="MsoNormal"><span style='color:#1F497D;'>Remove the ’–K ascii’ from the run line.</span></p><p class="MsoNormal"><span style='color:#1F497D;'>  </span></p><p class="MsoNormal"><span style='color:#1F497D;'>Before going through all the trouble of changing the actual Snort startup, net stop snort, cd to the snort/bin folder and run:</span></p><p class="MsoNormal"><span style='color:#1F497D;'>  </span></p><p class="MsoNormal"><span style='color:#1F497D;'>snort -c c:\snort\etc\snort.conf -l c:\snort\log -i1 -s</span></p><p class="MsoNormal"><span style='color:#1F497D;'>  </span></p><p class="MsoNormal"><span style='color:#1F497D;'>I’m assuming the snort.conf is set
 properly for syslog output.</span></p><p class="MsoNormal"><span style='color:#1F497D;'>  </span></p><div><p class="MsoNormal"><span style='font-size:10.5pt;font-family:Consolas;color:#1F497D;'>Kindest regards,</span></p><p class="MsoNormal"><span style='font-size:10.5pt;font-family:Consolas;color:#1F497D;'>Michael...</span></p><p class="MsoNormal"><span style='font-size:10.5pt;font-family:Consolas;color:#1F497D;'>  </span></p><p class="MsoNormal"><span style='font-size:10.5pt;font-family:Consolas;color:#1F497D;'>WINSNORT.com Management Team Member</span></p><p class="MsoNormal"><span style='font-size:10.5pt;font-family:Consolas;color:#1F497D;'>--</span></p><p class="MsoNormal"><span style='font-size:10.5pt;font-family:Consolas;color:#1F497D;'>****************** Established ~ 2001 *******************</span></p><p class="MsoNormal"><span
 style='font-size:10.5pt;font-family:Consolas;color:#1F497D;'>*          Visit Us @ <a rel="nofollow" target="_blank" href="http://www.winsnort.com"><span style='color:#0061AA;'>http://www.winsnort.com</span></a>           *</span></p><p class="MsoNormal"><span style='font-size:10.5pt;font-family:Consolas;color:#1F497D;'>*      ~~ FREE WinIDS Snort installation guides ~~      *</span></p><p class="MsoNormal"><span style='font-size:10.5pt;font-family:Consolas;color:#1F497D;'>*               ~~ FREE support forums ~~               *</span></p><p class="MsoNormal"><span style='font-size:10.5pt;font-family:Consolas;color:#1F497D;'>* Snort: Open Source Network IDS - <a
 rel="nofollow" target="_blank" href="http://www.snort.org"><span style='color:#0061AA;'>http://www.snort.org</span></a> *</span></p><p class="MsoNormal"><span style='font-size:10.5pt;font-family:Consolas;color:#1F497D;'>*********************************************************</span></p></div><p class="MsoNormal"><span style='color:#1F497D;'>  </span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in;'><p class="MsoNormal" style='margin-left:.5in;'><b><span style='font-size:10.0pt;font-family:"Tahoma", "sans-serif";'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma", "sans-serif";'> Benjamin Lincoln [<a rel="nofollow" ymailto="mailto:BLincoln@...15836...32..." target="_blank" href="javascript:return">mailto:BLincoln@...15837...2...</a>] <br><b>Sent:</b> Wednesday, September 19, 2012 11:52 AM<br><b>To:</b> 'snort-users@lists.sourceforge.net'<br><b>Subject:</b> [Snort-users] logging to
 syslog</span></p></div></div><p class="MsoNormal" style='margin-left:.5in;'>  </p><p class="MsoNormal" style='margin-left:.5in;'>I’ve been having problems with the newest version of snort 2.9.3.1 not sending syslog information to our server.</p><p class="MsoNormal" style='margin-left:.5in;'>I’ve configured snort to install using the command snort –c c:\snort\etc\snort.conf –l c:\snort\log –i1 –K ascii –s and set the syslog server’s IP address in the snort.conf file. I’ve create a test rule to alert on any IP traffic, and can see the logs generate in the log folder, but it doesn’t send to the remote syslog server. I’ve also tested sending the syslogs to kiwi on the local snort server and that works fine. This was working with an older version of snort. Is there any changes in the new version of snort that needs to be configured to send to syslog?</p><p
 class="MsoNormal" style='margin-left:.5in;'>  </p><p class="MsoNormal" style='margin-left:.5in;'><span style='font-size:10.0pt;font-family:"Verdana", "sans-serif";'>Benjamin Lincoln</span><br><span style='font-size:10.0pt;font-family:"Verdana", "sans-serif";'>IT Security Analyst Support</span></p><p class="MsoNormal" style='margin-left:.5in;'><span style='font-size:10.0pt;font-family:"Verdana", "sans-serif";'>Banner Bank</span></p><p class="MsoNormal" style='margin-left:.5in;'><span style='font-size:10.0pt;font-family:"Verdana", "sans-serif";'>Internal Ext. 53274</span></p><p class="MsoNormal" style='margin-left:.5in;'><span style='font-size:10.0pt;font-family:"Verdana", "sans-serif";'>(509)524-5931</span></p><p class="MsoNormal" style='margin-left:.5in;'>  </p><p class="MsoNormal" style='margin-left:.5in;'>  </p></div></td>
                                    </tr>
                                </tbody>
                            </table>
                    </div>
                </div>
            </div>