Re: snort -s and -l at the same time?

[Joe McAlerney <joey () SiliconDefense com>]

You can specify this in you configuration file:

output alert_syslog: LOG_AUTH LOG_ALERT
output alert_full: alert

-Joe M.

-- 
|   Joe McAlerney     joey () silicondefense com   |
| Silicon Defense - Technical Support for Snort |
|       http://www.silicondefense.com/          |
+--                                           --+

> Sven Olensky wrote:
>
> Tim,
> all,
>
> how would it be possible to have both the syslogging and the logging
> to alert active?
>
> --
> sven olensky   *  noc systems & dev
> intelispan     *  alpharetta, ga, usa
> --
>
> > -----Original Message-----
> > From: Tim Olson [mailto:tolson () unionsemiconductor com]
> > Sent: Saturday, August 11, 2001 12:25 AM
> > To: Sven Olensky
> > Subject: Re: [Snort-users] snort -s and -l at the same time?
> >
> >
> > I think that if you use -s it goes to wherever your syslog
> specifies,
> > so it doesn't care about the -l.  If you use just the -l, it will go
>
> > to whatever directory you specify and get the filename out of your
> > snort.conf file.
> >
> > Tim
> >
> > > Sven Olensky wrote:
> > >
> > > I am using Snort 1.8 and encountered the following phenomenon: if
> I
> > > start snort with -s and -l <logdir> at the same time, an alert
> file
> > > won't be created. However, if I omit the -s, everything is fine.
> > >
> > > Any ideas why?
> > >
> > > thanks

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users