RE: [Snort-users] Syslogging question (Snort forums, System Security and Security Related category)
Matt,

As I read it, the host= format only applies to the win32 version, not the Unix version...

Steve

> -----Original Message-----
> From: Matt [mailto:matt@bfinity.kicks-ass.net]
> Sent: Monday, 23 August 2004 3:14 PM
> To: Steve
> Cc: snort-users@lists.sourceforge.net
> Subject: Re: [Snort-users] Syslogging question
>
> ####################################################################
> # Step #3: Configure output plugins
> #
> # Uncomment and configure the output plugins you decide to use. General
> # configuration for output plugins is of the form:
> #
> # output <name_of_plugin>: <configuration_options>
> #
> # alert_syslog: log alerts to syslog
> # ----------------------------------
> # Use one or more syslog facilities as arguments. Win32 can also optionally
> # specify a particular hostname/port. Under Win32, the default hostname is
> # '127.0.0.1', and the default port is 514.
> #
> # [Unix flavours should use this format...]
> # output alert_syslog: LOG_AUTH LOG_ALERT
> #
> # [Win32 can use any of these formats...]
> # output alert_syslog: LOG_AUTH LOG_ALERT
> # output alert_syslog: host=localhost, LOG_AUTH LOG_ALERT
> # output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
>
> Try this:
>
> output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
>
> HTH
> Matt
>
> Steve wrote:
>
> > Hi,
> >
> > New to the list, new to Linux, new to Snort, but trying hard!
> >
> > I have installed Smoothwall Express V2, and I'm having fun setting
> > things up and learning about all these things. But I'm stumped on one
> > thing. I have Kiwi Syslog Daemon running on a w2k3 box receiving
> > syslog messages from Smoothwall and Linux. I've changed syslog.conf to
> > accomplish this, adding:
> >
> > *.* @192.168.0.60
> >
> > at the end. Now all my Smoothwall logs are happily arriving at Kiwi.
> > But I'd like to get Snort messages there too. I've changed snort.conf
> > to uncomment the line:
> >
> > output alert_syslog: LOG_AUTH LOG_ALERT
> >
> > but don't see any Snort messages in syslog. What else do I need to do?
> > I've trawled the web and archives but found nothing definitive, only
> > lots of people asking similar questions. Sorry if this has been
> > covered before.
> >
> > While I'm here, there is one other syslog-related problem, although
> > not with Snort. After Smoothwall boot, it takes about 5 minutes for
> > Kiwi to start receiving anything from Smoothwall, even though
> > Smoothwall in the meantime logs messages.
> >
> > I have asked these questions on the Smoothwall list, but have received
> > no answers, so hoping someone here can help. Cheers.
> >
> > *Steve*

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users
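The thread turns on whether Snort alerts emitted with `output alert_syslog: LOG_AUTH LOG_ALERT` actually reach the collector. The following is an added example, not code from the thread or from the Snort project: it decodes syslog lines the way a collector such as Kiwi receives them, computes the PRI value that a given facility/severity pair produces, and picks the Snort alerts out of a feed that also carries Smoothwall kernel messages. The sample lines are constructed, and the alert body layout it assumes is the classic `[gid:sid:rev] msg [Classification: ...] [Priority: n]: {PROTO} src -> dst` form written by the alert_syslog plugin.

```python
"""Decode syslog lines as a collector receives them from Snort's alert_syslog
plugin and confirm the alerts carry the configured facility/severity.
Added example (not from the thread or the Snort project); sample lines are
constructed and the alert body layout is an assumption stated in the lead-in."""
import re
from dataclasses import dataclass
from typing import List, Optional

# syslog(3) facility and severity codes (RFC 3164 4.1.1): PRI = facility*8 + severity.
FACILITIES = {0: "LOG_KERN", 1: "LOG_USER", 2: "LOG_MAIL", 3: "LOG_DAEMON",
              4: "LOG_AUTH", 5: "LOG_SYSLOG", 6: "LOG_LPR", 7: "LOG_NEWS",
              8: "LOG_UUCP", 9: "LOG_CRON", 10: "LOG_AUTHPRIV", 11: "LOG_FTP"}
FACILITIES.update({16 + i: f"LOG_LOCAL{i}" for i in range(8)})
SEVERITIES = {0: "LOG_EMERG", 1: "LOG_ALERT", 2: "LOG_CRIT", 3: "LOG_ERR",
              4: "LOG_WARNING", 5: "LOG_NOTICE", 6: "LOG_INFO", 7: "LOG_DEBUG"}
FACILITY_CODES = {name: code for code, name in FACILITIES.items()}
SEVERITY_CODES = {name: code for code, name in SEVERITIES.items()}

# "<PRI>Mmm dd hh:mm:ss host tag[pid]: body" (BSD / RFC 3164 layout).
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<body>.*)$")
# Snort alert body; [Classification: ...] is absent for rules without a classtype.
SNORT_RE = re.compile(
    r"^\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?)"
    r"(?: \[Classification: (?P<classification>[^\]]+)\])?"
    r" \[Priority: (?P<priority>\d+)\]: \{(?P<proto>[A-Z]+)\} (?P<src>\S+) -> (?P<dst>\S+)$")

@dataclass
class SyslogMessage:
    facility: str
    severity: str
    host: str
    tag: str
    body: str

@dataclass
class SnortAlert:
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    dst: str

def pri_for(facility: str, severity: str) -> int:
    """PRI that an 'output alert_syslog: <facility> <severity>' line produces."""
    return FACILITY_CODES[facility] * 8 + SEVERITY_CODES[severity]

def parse_syslog_line(line: str) -> Optional[SyslogMessage]:
    """Split one received line into facility, severity, host, tag and body."""
    m = SYSLOG_RE.match(line)
    if not m or int(m.group("pri")) > 191:   # 23*8+7 is the largest legal PRI
        return None
    pri = int(m.group("pri"))
    return SyslogMessage(FACILITIES.get(pri // 8, f"facility{pri // 8}"),
                         SEVERITIES[pri % 8], m.group("host"), m.group("tag"),
                         m.group("body"))

def parse_snort_alert(body: str) -> Optional[SnortAlert]:
    """Extract rule id, message, classification, priority and endpoints."""
    m = SNORT_RE.match(body)
    if not m:
        return None
    return SnortAlert(int(m.group("gid")), int(m.group("sid")), int(m.group("rev")),
                      m.group("msg"), m.group("classification"),
                      int(m.group("priority")), m.group("proto"),
                      m.group("src"), m.group("dst"))

def snort_alerts(lines: List[str], facility: str = "LOG_AUTH",
                 severity: str = "LOG_ALERT") -> List[SnortAlert]:
    """Snort alerts in a mixed feed. Other daemons' lines are skipped, as are
    'snort' lines whose facility/severity differ from the snort.conf setting."""
    found = []
    for line in lines:
        msg = parse_syslog_line(line)
        if msg is None or msg.tag != "snort":
            continue
        if (msg.facility, msg.severity) != (facility, severity):
            continue
        alert = parse_snort_alert(msg.body)
        if alert is not None:
            found.append(alert)
    return found

# Constructed feed: two Snort alerts (PRI 33 = LOG_AUTH/LOG_ALERT) around one
# Smoothwall kernel line (PRI 6 = LOG_KERN/LOG_INFO) arriving at the same collector.
SAMPLE_LINES = [
    "<33>Aug 23 15:14:02 smoothwall snort[1234]: [1:469:3] ICMP PING NMAP "
    "[Classification: Attempted Information Leak] [Priority: 2]: "
    "{ICMP} 192.168.0.77 -> 192.168.0.1",
    "<6>Aug 23 15:14:03 smoothwall kernel: Denied-by-filter:INPUT IN=eth0 "
    "SRC=10.0.0.9 DST=192.168.0.1 PROTO=TCP DPT=23",
    "<33>Aug 23 15:14:05 smoothwall snort[1234]: [1:2000001:1] constructed "
    "test rule [Priority: 3]: {TCP} 10.0.0.5:4444 -> 192.168.0.60:514",
]
```

Feeding a capture from the collector into `snort_alerts()` separates the two failure modes in the thread: if the kernel lines arrive but no `snort`-tagged lines with PRI 33 do, the forwarding in syslog.conf is working and the gap is on the Snort side (the plugin line not being read, or Snort logging to a facility the collector filters out); if `snort` lines arrive with a different facility/severity, the collector's filter rather than the forwarding is the thing to adjust.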