Snort mailing list archives
Re: log to syslog but not to /var/log/snort/ directory
From: Jason Brvenik <jasonb () sourcefire com>
Date: Mon, 05 Sep 2005 12:20:27 -0400
I suspect you need to disable some of the output methods. What is the result of grep output </path/to/snort.conf> Pablo Nebrera wrote:
Ye I know I can send the logs to a remote host and I even use it. But it still create the /var/log/snort directory with a lot of logs there. How can I avoid it??ThanksPablo El vie, 02-09-2005 a las 09:07 -0400, Andre' M. DiMino escribió:One option is to configure your syslog service to log to a remote syslog server. Configure your syslog.conf file to send logs on the facility you set up for snort to the remote server. For example in snort.conf, you may have something like: output alert_syslog: LOG_LOCAL3 LOG_ALERT In your syslog.conf file, you could have: local3.alert @192.168.10.10 You will need to configure your remote syslog server to accept the logs. Also, this is quite a bit different if you are using syslog-ng.HTH !-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Pablo Nebrera Sent: Friday, September 02, 2005 6:46 AM To: snort-users () lists sourceforge net Subject: [Snort-users] log to syslog but not to /var/log/snort/ directory I want to log to syslog and it works perfectly with the syslog output plugin. But I have space problems and I don´t want to use the/var/log/snort/ directory. Is that possible??I have used the -N options and it doesn´t work. With this option doesn´t usethat directory but it doesn´t log to syslog either. What option do I have to use??Thanks for your help Pablo ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- log to syslog but not to /var/log/snort/ directory Pablo Nebrera (Sep 02)
- RE: log to syslog but not to /var/log/snort/ directory Andre' M. DiMino (Sep 02)
- RE: log to syslog but not to /var/log/snort/ directory Pablo Nebrera (Sep 05)
- Re: log to syslog but not to /var/log/snort/ directory Jason Brvenik (Sep 05)
- Re: log to syslog but not to /var/log/snort/ directory Pablo Nebrera (Sep 07)
- RE: log to syslog but not to /var/log/snort/ directory Pablo Nebrera (Sep 05)
- RE: log to syslog but not to /var/log/snort/ directory Andre' M. DiMino (Sep 02)