Snort mailing list archives
Re: Unrecognised syslog facility/priority in snort
From: Mayur Patil <ram.nath241089 () gmail com>
Date: Sun, 13 Oct 2013 15:04:48 +0530
Hi Praveen Sir,

Thanks for the reply.

> What is your Snort IP (as per my understanding it is also syslog Client), give me IP's

Right. Snort is same as syslog client (172.20.54.211).
Please ignore any configurations related to IP 172.20.54.212 as it is other machine.

> and syslog server IP and conf's.

syslog server IP: 172.20.54.213

> Give me full conf file on all the machines involved. snort/syslog conf's

On Snort machine IP 172.20.54.211, on location /etc/rsyslog.d/, file rsyslog.conf. Contents are

auth.alert @172.20.54.213

I am attaching files as follows:
[1] rsyslog file for snort machine
[2] snort.conf
[3] rsyslog.conf for syslog server

Seeking for guidance,
Thanks !

--
Cheers,
Mayur
> Best Regards,
> Praveen Darshanam
>
> On Fri, Oct 11, 2013 at 4:40 PM, Mayur Patil <ram.nath241089 () gmail com> wrote:
>
>> Hi Praveen Sir,
>>
>> The logs are now appearing in syslog. What I have done: I changed facility and priority as follows:
>>
>> facility: Daemon and level: notice
>>
>> in snort.conf as
>>
>> output alert_syslog: host=172.20.54.213, LOG_DAEMON LOG_NOTICE
>>
>> and logs are appearing in syslog of alert as follows:
>>
>> http://fpaste.org/46064/
>>
>> Now I just want your help for getting messages at AUTH.ALERT level.
>>
>> Seeking for guidance,
>> Thanks !!
Attachment: rsyslog.conf for snort machine.txt
Attachment: snort.conf
Attachment: rsyslog server.conf
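The message above quotes a Snort output line tagged LOG_DAEMON LOG_NOTICE and an rsyslog forwarding rule whose selector is auth.alert. The Python below is an added illustration, not code from the post, Snort or rsyslog: it computes the syslog PRI value for a facility/priority pair and checks it against a selector. It assumes the standard syslog.h numeric codes and traditional selector semantics, handles only a subset of selector syntax (`*`, `=priority`, `none`), and all function names are hypothetical.

```python
# Added example: standard syslog facility/severity codes (syslog.h / RFC 5424).
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
            "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
            **{f"local{i}": 16 + i for i in range(8)}}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

def _name(token):
    """Normalise 'LOG_DAEMON' (snort.conf style) or 'daemon' to 'daemon'."""
    t = token.strip().lower()
    return t[4:] if t.startswith("log_") else t

def pri(facility, severity):
    """PRI value carried in the <NN> message header: facility * 8 + severity."""
    return FACILITY[_name(facility)] * 8 + SEVERITY[_name(severity)]

def decode_pri(value):
    """Inverse of pri(): return (facility_name, severity_name)."""
    fac, sev = divmod(value, 8)
    fac_name = next((k for k, v in FACILITY.items() if v == fac), str(fac))
    sev_name = next(k for k, v in SEVERITY.items() if v == sev)
    return fac_name, sev_name

def selector_matches(selector, facility, severity):
    """Match one 'facility.priority' selector (subset: '*', '=prio', 'none')."""
    sel_fac, sel_prio = selector.strip().lower().split(".", 1)
    fac, sev = _name(facility), SEVERITY[_name(severity)]
    if sel_fac != "*" and fac not in sel_fac.split(","):
        return False
    if sel_prio == "none":
        return False
    if sel_prio == "*":
        return True
    if sel_prio.startswith("="):
        return sev == SEVERITY[sel_prio[1:]]
    # Plain priority: that level and anything more severe (numerically lower).
    return sev <= SEVERITY[sel_prio]

if __name__ == "__main__":
    rule = "auth.alert"  # selector from the forwarding rule quoted in the post
    for fac, sev in [("LOG_DAEMON", "LOG_NOTICE"), ("LOG_AUTH", "LOG_ALERT")]:
        print(fac, sev, "PRI", pri(fac, sev), "matches", rule, "->",
              selector_matches(rule, fac, sev))
```

`decode_pri` is useful when reading the `<NN>` prefix of a captured syslog packet to confirm which facility and priority the sender actually used.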