Snort mailing list archives
Re: Remote Syslogging.
From: Demetri Mouratis <dmourati () cm math uiuc edu>
Date: Fri, 6 Dec 2002 11:54:06 -0600 (CST)
On Fri, 6 Dec 2002, Patrick Williams wrote:
> I add the syslog switch, -s, and put this statement in my syslog.conf, "*snort* @managmentserverIP #Forward Snort msg to mgmt station"
First off, your syslog.conf syntax is wrong. It should be:

    auth.alert @managmentserverIP

Look at your snort.conf file for more info on the facility and priority settings.

Make sure you have syslogd on managementserver configured to allow syslog over UDP. Under RedHat, you can do this by editing /etc/sysconfig/syslog and adding the following line:

    SYSLOGD_OPTIONS="-r -m 0"

Then restart syslog. As it says there, man syslogd for more info.

HTH.

---------------------------------------------------------------------
Demetri Mouratis
dmourati () linfactory com
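An added example, not part of the original post: a Python checker for the selector/action syntax of classic sysklogd syslog.conf rules, run over the rule from the question and the corrected rule from the reply. The function names and the host pattern are assumptions of this example.

```python
import re

# Facility and priority keywords from syslog.conf(5) (classic sysklogd).
FACILITIES = {"auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail",
              "mark", "news", "security", "syslog", "user", "uucp",
              *(f"local{i}" for i in range(8))}
PRIORITIES = {"debug", "info", "notice", "warning", "warn", "err", "error",
              "crit", "alert", "emerg", "panic", "none"}

def check_selector(selector):
    """Return a list of problems in one 'fac[,fac].[!][=]pri[;...]' selector."""
    problems = []
    for part in selector.split(";"):
        if "." not in part:
            problems.append(f"{part!r}: expected facility.priority")
            continue
        facs, pri = part.split(".", 1)
        for fac in facs.split(","):
            if fac != "*" and fac not in FACILITIES:
                problems.append(f"{fac!r}: unknown facility")
        pri = pri.lstrip("!=")  # '=' and '!' only modify the priority match
        if pri != "*" and pri not in PRIORITIES:
            problems.append(f"{pri!r}: unknown priority")
    return problems

def check_line(line):
    """Validate one syslog.conf rule; return (forward_host or None, problems)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None, []
    fields = line.split(None, 1)
    if len(fields) < 2:
        return None, ["missing action field"]
    selector, action = fields
    problems = check_selector(selector)
    host = None
    if action.startswith("@"):  # '@host' forwards the message over UDP
        m = re.match(r"@([A-Za-z0-9._-]+)", action)  # assumed host pattern
        host = m.group(1) if m else None
        if host is None:
            problems.append("'@' must be followed by a host name or address")
    return host, problems

# Constructed sample: the rule from the question, then the corrected rule.
SAMPLE = ['*snort* @managmentserverIP #Forward Snort msg to mgmt station',
          'auth.alert @managmentserverIP']
if __name__ == "__main__":
    for rule in SAMPLE:
        print(rule, "->", check_line(rule))
```
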
Current thread:
- Remote Syslogging. Patrick Williams (Dec 06)
- Re: Remote Syslogging. Demetri Mouratis (Dec 06)
- Re: Remote Syslogging. Erek Adams (Dec 06)