Snort mailing list archives

Re: Remote Syslogging.


From: Demetri Mouratis <dmourati () cm math uiuc edu>
Date: Fri, 6 Dec 2002 11:54:06 -0600 (CST)


On Fri, 6 Dec 2002, Patrick Williams wrote:

> I add the syslog switch, -s, and put this statement in my syslog.conf,
> "*snort*        @managmentserverIP           #Forward Snort msg to mgmt
> station"

First off, your syslog.conf syntax is wrong.  It should be:

auth.alert      @managmentserverIP

Look at your snort.conf file for more info on the facility and priority
settings.

Make sure you have syslogd on managementserver configured to allow syslog
over UDP.  Under RedHat, you can do this by editing
/etc/sysconfig/syslog and adding the following line:

SYSLOGD_OPTIONS="-r -m 0"

Then restart syslog.

As it says there, man syslogd for more info.

HTH.
---------------------------------------------------------------------
Demetri Mouratis
dmourati () linfactory com
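
A selector check for the two syslog.conf lines discussed in this thread, as an added example that is not part of the original message. It assumes the classic sysklogd `facility.priority` selector syntax and keyword lists; the function names and the sample text are constructed for illustration.

```python
FACILITIES = {"auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail",
              "mark", "news", "security", "syslog", "user", "uucp",
              *(f"local{i}" for i in range(8))}
PRIORITIES = {"debug", "info", "notice", "warning", "warn", "err", "error",
              "crit", "alert", "emerg", "panic", "none"}

def check_selector(selector):
    """Return the problems in one selector field; an empty list means valid."""
    problems = []
    for part in selector.split(";"):
        facilities, dot, priority = part.rpartition(".")
        if not dot:
            problems.append(f"{part!r}: expected facility.priority")
            continue
        for fac in facilities.split(","):
            if fac != "*" and fac.lower() not in FACILITIES:
                problems.append(f"{fac!r}: unknown facility")
        prio = priority.lstrip("!=")  # sysklogd "!" and "=" modifiers
        if prio != "*" and prio.lower() not in PRIORITIES:
            problems.append(f"{prio!r}: unknown priority")
    return problems

def audit(conf_text):
    """Return (line_no, selector, action, problems) for each rule line."""
    results = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1) + [""]
        selector, action = fields[0], fields[1].strip()
        problems = check_selector(selector) + ([] if action else ["no action field"])
        results.append((line_no, selector, action, problems))
    return results

def remote_forwards(conf_text):
    """(selector, host) for valid rules whose action is @host (remote syslog)."""
    return [(sel, act[1:]) for _, sel, act, probs in audit(conf_text)
            if not probs and act.startswith("@")]

# Constructed sample: the rejected and corrected lines from the thread, plus a file rule.
SAMPLE = """\
*snort*        @managmentserverIP
auth.alert      @managmentserverIP
*.info;mail.none    /var/log/messages
"""

if __name__ == "__main__":
    for line_no, selector, action, problems in audit(SAMPLE):
        print(line_no, selector, "->", action, "|", "; ".join(problems) or "ok")
```

Running it over a sensor's syslog.conf shows which rules would actually forward alerts to the management host and which lines the selector syntax rejects.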


