Snort mailing list archives
Re: snort not sending messages to syslog
From: "Jim B" <elemint () gmail com>
Date: Fri, 24 Feb 2006 12:54:13 -0700

I am using syslog and I have a default syslog config, how can I confirm that syslog is configured properly?

Jim

On 2/24/06, Eric Hines <eric.hines () appliedwatch com> wrote:
> Jim,
>
> Try running tcpdump or snort in sniffer mode with BPF filters (snort -vXedi eth0 'src or dst port 514') to see if Snort is even sending them out. Are you using Syslog on the other end or Syslog-NG? Make sure Syslog is configured properly of course.
>
> Best Regards,
>
> Eric Hines, GCIA, CISSP
> CEO, President
> Applied Watch Technologies, LLC
> 1095 Pingree Road Suite 213
> Crystal Lake, IL 60014
> Toll Free: (877) 262-7593 ext:327
> Direct: (847) 854-2725 ext:327
> Fax: (847) 854-5106
> Web: http://www.appliedwatch.com
> Email: eric.hines () appliedwatch com
> "Enterprise Open Source Security Management"
>
> Jim B wrote:
> > I have configured snort to send messages to syslog but they are not being sent to syslog, how can I determine why the messages or alerts are not being sent to syslog?
> >
> > Jim
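
Added example, not part of the original thread: one way to check a syslog configuration against a message captured on port 514 is to decode the datagram's `<PRI>` prefix and see which syslog.conf selectors accept it. The sample datagram and config below are constructed; the `<33>` value assumes alerts logged as auth.alert, and only the classic selector syntax (`*`, `none`, `,`, `;`) is handled.

```python
import re

# RFC 3164 facility codes 0-23 (12-15 are reserved here) and severities 0-7.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"] + [None] * 4
              + ["local%d" % i for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: payload of one UDP/514 datagram as a sniffer would show it.
SAMPLE_DATAGRAM = b"<33>snort: [1:1000001:1] constructed test alert {TCP} 192.0.2.10:1234 -> 192.0.2.20:80"

# Constructed sample in the style of a stock syslog.conf.
SAMPLE_CONF = """
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
*.emerg                                     *
"""

def decode_pri(datagram):
    """Return (facility, severity) from the <PRI> prefix: PRI = facility*8 + severity."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid <PRI> prefix")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def selector_matches(selector, facility, severity):
    """Evaluate 'fac[,fac].level[;...]'; a later part overrides an earlier one."""
    sev, matched = SEVERITIES.index(severity), False
    for part in selector.split(";"):
        facs, _, level = part.strip().rpartition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue
        if level == "none":
            matched = False
        else:  # "level" means that severity and anything more severe
            matched = level == "*" or sev <= SEVERITIES.index(level)
    return matched

def destinations(conf_text, facility, severity):
    """List the actions (files, hosts, '*') whose selector accepts the message."""
    out = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) == 2 and selector_matches(fields[0], facility, severity):
            out.append(fields[1].strip())
    return out
```

An empty list from `destinations` means the daemon receives the message and discards it, which looks the same from the log files as the message never being sent.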