Snort mailing list archives

Re: Snort fails to dump alerts to Solaris 8 Syslog


From: Erek Adams <erek () snort org>
Date: Tue, 7 Oct 2003 08:44:00 -0400 (EDT)

On Mon, 6 Oct 2003, Richard Pitkanen wrote:

> I've recently installed Snort on my Solaris 8 box, edited the snort.conf to
> allow syslog logging, yet running this command gives me nothing in syslog;
>
> "snort -s -A Fast -c /usr/local/snort-2.0.1/etc/snort.conf"
>
> root @ wolf : ~ 16:33:32 --> snort -s -A fast -c
> /usr/local/snort-2.0.1/etc/snort.conf
>
> [...snip...]
>
> # [Unix flavours should use this format...]
> output alert_syslog: LOG_AUTH LOG_ALERT
>
> [...snip...]
>
> What else needs to be configured? Syslog is processing other events just
> fine. Does syslog.conf need some modifications to work with snort?
>
> Any help, ideas, or "go read this FAQ" greatly appreciated, thanks.

Actually, it's more like "Read the output from Snort."  :)  After the
initialization you get a 'command line switches override the config file'
style message.

Remove the '-s -A Fast' from the command line.  -A Fast is default, and
overrides the config file for output.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
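
A pre-flight check for the situation in this thread, added here as an example and not part of either poster's message or of Snort itself: it reports when -s or -A on the command line would take precedence over the alert output directives in snort.conf, as the reply describes. The function name check_snort_output and the temporary sample config are assumptions made for the example.

```sh
#!/bin/sh
# check_snort_output CONF [snort args...]   (hypothetical helper, not part of Snort)
# Returns 0 when the config's alert output directives stay in effect,
#         1 when -s / -A on the command line would take precedence over them
#           (the behaviour described in the reply), 2 when CONF is unreadable.
check_snort_output() {
    conf=$1; shift
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Collect alert-mode switches given on the command line.
    overrides=""
    while [ $# -gt 0 ]; do
        case $1 in
            -s)  overrides="${overrides}${overrides:+ }-s" ;;
            -A)  overrides="${overrides}${overrides:+ }-A ${2:-}"
                 [ $# -gt 1 ] && shift ;;
            -A*) overrides="${overrides}${overrides:+ }$1" ;;
        esac
        shift
    done

    # Active (uncommented) alert output directives, e.g. alert_syslog.
    plugins=$(sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}\(alert_[A-Za-z_]*\).*/\1/p' "$conf" | tr '\n' ' ')

    if [ -n "$overrides" ] && [ -n "$plugins" ]; then
        echo "command line ($overrides) takes precedence over config output: $plugins"
        return 1
    fi
    echo "config alert output in effect: ${plugins:-none}"
    return 0
}

# Constructed sample: the output directive quoted in the post, in a temp file.
demo_conf=$(mktemp)
printf '%s\n' '# [Unix flavours should use this format...]' \
    'output alert_syslog: LOG_AUTH LOG_ALERT' > "$demo_conf"
# Switches as run in the post; the non-zero status is the expected finding.
check_snort_output "$demo_conf" -s -A fast -c "$demo_conf" || :
# Switches as suggested in the reply.
check_snort_output "$demo_conf" -c "$demo_conf"
rm -f "$demo_conf"
```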

