[Snort-users] Syslogging question

permalink · #1 (**permalink**) 08-23-2004

This is a multi-part message in MIME format.

------=_NextPart_000_0002_01C48919.1E9363A0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,

=20

New to the list, new to Linux, new to Snort, but trying hard!

=20

I have installed Smoothwall Express V2, and I'm having fun setting =
things up
and learning about all these things. But I'm stumped on one thing. I =
have
Kiwi Syslog Daemon running on a w2k3 box receiving syslog messages from
Smoothwall and Linux. I've changed syslog.conf to accomplish this, =
adding:

=20

*.* @192.168.0.60

=20

at the end. Now all my Smoothwall logs are happily arriving at Kiwi. But =
I'd
like to get Snort messages there too. I've changed snort.conf to =
uncomment
the line:

=20

output alert_syslog: LOG_AUTH LOG_ALERT

=20

but don't see any Snort messages in syslog. What else do I need to do? =
I've
trawled the web and archives but found nothing definitive, only lots of
people asking similar questions. Sorry if this has been covered before.

=20

While I'm here, there is one other syslog-related problem, although not =
with
Snort. After Smoothwall boot, it takes about 5 minutes for Kiwi to start
receiving anything from Smoothwall, even though Smoothwall in the =
meantime
logs messages.

=20

I have asked these questions on the Smoothwall list, but have received =
no
answers, so hoping someone here can help. Cheers.

=20

Steve

=20

------=_NextPart_000_0002_01C48919.1E9363A0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">

<meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">

<style>

</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

Hi,

 

New to the list, new to Linux, new to Snort, =
but
trying hard!

 

I have installed Smoothwall
Express V2, and I’m having fun setting things up and learning =
about all
these things. But I’m stumped on one thing. I have Kiwi Syslog =
Daemon
running on a w2k3 box receiving syslog messages from =
Smoothwall
and Linux. I’ve changed syslog.conf to accomplish this, =
adding:

 

*.*     &nb sp; &n=
bsp;       &nbs p;   &nb=
sp; @192.168.0.60

 

at the end. Now all my Smoothwall
logs are happily arriving at Kiwi. But I’d like to get Snort =
messages
there too. I’ve changed snort.conf to uncomment the =
line:

 

output alert_syslog: LOG_AUTH =
LOG_ALERT

 

but don’t see any Snort messages in =
syslog. What
else do I need to do? I’ve trawled the web and archives but found =
nothing
definitive, only lots of people asking similar questions. Sorry if this =
has
been covered before.

 

While I’m here, there is one other =
syslog-related
problem, although not with Snort. After Smoothwall
boot, it takes about 5 minutes for Kiwi to start receiving anything from =
Smoothwall,
even though Smoothwall
in the meantime logs messages.

 

I have asked these questions on the =
Smoothwall
list, but have received no answers, so hoping someone here can help. =
Cheers.

 

Steve

 

</div>

</body>

</html>

------=_NextPart_000_0002_01C48919.1E9363A0--

-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode