Snort mailing list archives
Re: Hi all
From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 01 Oct 2004 13:10:22 -0400
At 12:57 PM 10/1/2004, Raffael Maio wrote:
I m looking to use the output plugin with snort. But when I configure one of them it said me : Unrecognized syslog facility/priority: host=192.168.1.1:514I see on documentation that I could make an output plugin in the snort.conf. I do that and I put this exactly line: output alert_syslog: host=192.168.1.1:514, log_auth log_alert
That variant is *ONLY* supported on win32.. ARe you using a windows box? If not, remove the host statement. Also, make sure LOG_AUTH and LOG_ALERT are in caps, not lower case.
If you need to forward your logs to a different system on a unix box, configure your syslog.conf to forward the messages to the approprate server. How this is done depends on what syslogd you are using. Consult your manpages on syslog.conf.
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Hi all Raffael Maio (Oct 01)
- Re: Hi all Matt Kettler (Oct 01)