Snort mailing list archives
Re: Repost: Syslog, but I don't want it
From: Joe McAlerney <joey () SiliconDefense com>
Date: Thu, 31 May 2001 14:45:10 -0700
Well, nothing really comes to mind, but these are the steps I would take.

1) Check to see if another snort process is running in the background. Perhaps it is using -s.

2) Double and Triple check that "output alert_syslog" is not being used in your configuration file or any files included in your configuration file. Grep for "syslog".

3) Try running snort without -D. Same results?

4) Use a test config file with one rule in it:

    alert icmp any any -> any any (msg:"Test ICMP rule";)

Ping some machines on your network. Are they being sent to syslog?

5) Could there be output plugins in your original configuration file that are somehow indirectly linked to syslog on your system? It's a long shot, but if the facilities they use are somehow communicating to syslog as well, that could be the issue.

Any other ideas?

-Joe M.

--
| Joe McAlerney joey () silicondefense com |
| Silicon Defense - Technical Support for Snort |
| http://www.silicondefense.com/ |
+-- --+

Marc Thompson wrote:
This is a Repost. Basically, snort is logging to syslog and I don't know how to prevent it.

***Original Message***

I'm having a problem with Snort Version 1.7 on RedHat 7.1. I am getting messages sent to syslog, but don't want them there. Here is the command-line that I'm using to start Snort:

    snort -c /etc/snort/snort.10.3.1.0.conf -i eth0 -D

The referenced snort.10.3.1.0.conf has no reference to syslog in it that is uncommented. I didn't specifically compile (knowingly) to use syslog. I can't find a line in the configuration of the source that indicates syslog should or shouldn't be used.

Otherwise, snort is working great. It logs in binary in tcpdump format nicely and also logs to a remote MySQL Server

Thank you in advance,
Marc Thompson

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
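Steps 1 and 2 of the checklist in the reply above can be scripted. The following is an added example, not part of the original thread or of Snort itself; the function names are hypothetical, and it assumes relative include paths resolve against the including file's directory.

```shell
#!/bin/sh
# Added example (not from the thread): scripted versions of steps 1 and 2.
# Function names are hypothetical.

# Step 2: print file:line:text for every uncommented line that mentions
# syslog in a Snort config and, recursively, in the files it includes.
# Assumption: relative include paths resolve against the including file's
# directory; adjust if your Snort build resolves them differently.
# The body runs in a subshell ( ... ) so recursion does not clobber variables.
find_syslog_lines() (
    conf=$1
    depth=${2:-0}
    [ "$depth" -le 8 ] || exit 0          # stop runaway include loops
    [ -r "$conf" ] || { echo "unreadable: $conf" >&2; exit 0; }
    dir=$(dirname "$conf")
    # Drop "#" comments first so disabled output lines are not reported.
    awk -v f="$conf" '{ sub(/#.*/, "") }
        tolower($0) ~ /syslog/ { print f ":" NR ":" $0 }' "$conf"
    awk '{ sub(/#.*/, "") } $1 == "include" { print $2 }' "$conf" |
    while read -r inc; do
        case $inc in /*) ;; *) inc=$dir/$inc ;; esac
        find_syslog_lines "$inc" $((depth + 1))
    done
)

# Step 1: given "ps -eo pid,args" style lines on stdin, print the snort
# processes whose arguments include the -s switch (alone or bundled, e.g. -Ds).
snort_procs_with_s() {
    awk '$2 ~ /(^|\/)snort$/ {
        for (i = 3; i <= NF; i++)
            if ($i ~ /^-[A-Za-z]*s[A-Za-z]*$/) { print; next }
    }'
}

# Usage:
#   find_syslog_lines /etc/snort/snort.10.3.1.0.conf
#   ps -eo pid,args | snort_procs_with_s
```

Any line the first function prints is a candidate for the unwanted syslog output; rule text that merely mentions syslog will also show up and can be ignored on review.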