Snort mailing list archives
Re: logging in snort
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 31 Jan 2005 12:59:58 -0500
At 11:58 AM 1/31/2005, Peggy Kam wrote:
Is it possible to log alerts to a shell script instead of logging them in syslog, so that the information can be redirected to somewhere else?
Not directly, as logging to a shell script would involve invoking a new process, an extremely slow and expensive operation that would cause snort to miss packets.
You might be able to abuse barnyard for this purpose, or on the easier end just use a logwatch or swatch setup.
See the FAQ on emailing alerts. ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort does not start Narayan Sivaramakrishnan (Jan 31)
- Re: Snort does not start Matt Kettler (Jan 31)
- Re: Snort does not start Joel Esler (Feb 01)
- logging in snort Peggy Kam (Jan 31)
- Re: logging in snort Matt Kettler (Jan 31)
- Re: logging in snort Peggy Kam (Jan 31)
- Re: logging in snort Matt Kettler (Jan 31)
- Re: logging in snort Matt Kettler (Jan 31)
- Re: Snort does not start Matt Kettler (Jan 31)
- <Possible follow-ups>
- RE: Snort does not start Lance Boon (Feb 01)