This is a discussion on RE: [Snort-users] Syslogging question within the Snort forums, part of the System Security and Security Related category.
Tried it just then, but still no messages in syslog...
Steve

> -----Original Message-----
> From: Matt [mailto:matt@bfinity.kicks-ass.net]
> Sent: Tuesday, 24 August 2004 1:18 PM
> To: Steve
> Subject: Re: [Snort-users] Syslogging question
>
> Sorry I didn't read,
> :)
> just for curiosity sake did you try it?
>
> Steve wrote:
>
> >Matt,
> >
> >As I read it, the host= format only applies to the win32 version, not the
> >Unix version...
> >
> >Steve
> >
> >>-----Original Message-----
> >>From: Matt [mailto:matt@bfinity.kicks-ass.net]
> >>Sent: Monday, 23 August 2004 3:14 PM
> >>To: Steve
> >>Cc: snort-users@lists.sourceforge.net
> >>Subject: Re: [Snort-users] Syslogging question
> >>
> >>####################################################################
> >># Step #3: Configure output plugins
> >>#
> >># Uncomment and configure the output plugins you decide to use. General
> >># configuration for output plugins is of the form:
> >>#
> >># output <name_of_plugin>: <configuration_options>
> >>#
> >># alert_syslog: log alerts to syslog
> >># ----------------------------------
> >># Use one or more syslog facilities as arguments. Win32 can also
> >>optionally
> >># specify a particular hostname/port. Under Win32, the default hostname is
> >># '127.0.0.1', and the default port is 514.
> >>#
> >># [Unix flavours should use this format...]
> >># output alert_syslog: LOG_AUTH LOG_ALERT
> >>#
> >># [Win32 can use any of these formats...]
> >># output alert_syslog: LOG_AUTH LOG_ALERT
> >># output alert_syslog: host=localhost, LOG_AUTH LOG_ALERT
> >># output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
> >>
> >>Try this:
> >>
> >>output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
> >>
> >>HTH
> >>Matt
> >>
> >>Steve wrote:
> >>
> >>>Hi,
> >>>
> >>>New to the list, new to Linux, new to Snort, but trying hard!
> >>>
> >>>I have installed Smoothwall Express V2, and I'm having fun setting
> >>>things up and learning about all these things. But I'm stumped on one
> >>>thing. I have Kiwi Syslog Daemon running on a w2k3 box receiving
> >>>syslog messages from Smoothwall and Linux. I've changed syslog.conf to
> >>>accomplish this, adding:
> >>>
> >>>*.* @192.168.0.60
> >>>
> >>>at the end. Now all my Smoothwall logs are happily arriving at Kiwi.
> >>>But I'd like to get Snort messages there too. I've changed snort.conf
> >>>to uncomment the line:
> >>>
> >>>output alert_syslog: LOG_AUTH LOG_ALERT
> >>>
> >>>but don't see any Snort messages in syslog. What else do I need to do?
> >>>I've trawled the web and archives but found nothing definitive, only
> >>>lots of people asking similar questions. Sorry if this has been
> >>>covered before.
> >>>
> >>>While I'm here, there is one other syslog-related problem, although
> >>>not with Snort. After Smoothwall boot, it takes about 5 minutes for
> >>>Kiwi to start receiving anything from Smoothwall, even though
> >>>Smoothwall in the meantime logs messages.
> >>>
> >>>I have asked these questions on the Smoothwall list, but have received
> >>>no answers, so hoping someone here can help. Cheers.
> >>>
> >>>*Steve*

-------------------------------------------------------
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
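Added example, not from the thread or from Snort: alert_syslog hands each alert to the local syslogd with the facility and priority named in snort.conf (LOG_AUTH LOG_ALERT above, i.e. auth.alert), so whether the alerts reach Kiwi depends partly on how syslog.conf routes that facility and priority. The parser below applies classic sysklogd selector rules (`*`, `none`, `=`, `!`, `!=`, comma-separated facilities, `;`-separated selectors with later ones overriding earlier ones) to a constructed syslog.conf modelled on Steve's, with his `*.* @192.168.0.60` line appended; the config and its file paths are constructed, and the rules are sysklogd's, not those of any particular Smoothwall release.

```python
import re

# Syslog priorities in severity order: emerg (0) is most severe, debug (7) least.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample syslog.conf modelled on the thread; the last line is the
# '*.* @192.168.0.60' rule Steve appended to forward everything to Kiwi.
SAMPLE_SYSLOG_CONF = """\
auth,authpriv.*         /var/log/auth.log
*.*;auth,authpriv.none  -/var/log/syslog
mail.*                  -/var/log/mail.log
*.emerg                 *
*.* @192.168.0.60
"""

def selector_matches(selector, facility, priority):
    """Apply one 'facs.pri' selector (sysklogd rules); None if it ignores this facility."""
    facs, _, pri = selector.rpartition(".")
    if facility not in facs.split(",") and "*" not in facs.split(","):
        return None
    level = PRIORITIES.index(priority)
    if pri == "none":            # exclude this facility entirely
        return False
    if pri == "*":               # every priority
        return True
    if pri.startswith("!="):     # everything except exactly this priority
        return level != PRIORITIES.index(pri[2:])
    if pri.startswith("="):      # exactly this priority
        return level == PRIORITIES.index(pri[1:])
    if pri.startswith("!"):      # only messages less severe than this priority
        return level > PRIORITIES.index(pri[1:])
    return level <= PRIORITIES.index(pri)   # this priority or more severe

def matching_actions(conf_text, facility="auth", priority="alert"):
    """Actions (files, @hosts, ...) that receive a facility.priority message."""
    actions = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        selectors, action = re.split(r"\s+", line, maxsplit=1)
        decision = False
        for sel in selectors.split(";"):
            verdict = selector_matches(sel, facility, priority)
            if verdict is not None:
                decision = verdict   # a later selector for the same facility wins
        if decision:
            actions.append(action)
    return actions
```

For the constructed config, `matching_actions(SAMPLE_SYSLOG_CONF, "auth", "alert")` returns `['/var/log/auth.log', '@192.168.0.60']`. The check covers only what syslogd does with an auth.alert message once it arrives, not whether Snort actually emitted one.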