I have a snort (snort2.3) and I need it to forward the alerts to a syslog server with priority local6.
Adding alert_syslog: log_local6 log_alert to snort.conf
doesn't work. I even tried the -s option.
While I get local syslogs in /var/log messages, I cannot get snort to log to some other file or to a different syslog server.
There are no firewall issues and UDP port 514 is reachable.
Can anybody help me on this one?
===== ninad purohit ninadonline(at)yahoo(dot)co(dot)in have a nice day :-)
On 23/02/05 01:08 -0800, Ninad Purohit wrote:
> I have a snort (snort2.3) and I need it to forward the alerts to a syslog server with priority local6.
> Adding alert_syslog: log_local6 log_alert to snort.conf
> doesn't work. I even tried the -s option.
> While I get local syslogs in /var/log messages, I cannot get snort to log to some other file or to a different syslog server.
If snort is logging to syslog, then you need to configure your syslogd to forward the traffic to the other host. Once Snort dumps the traffic to /dev/log, it is not the responsibility of Snort to send it elsewhere.
man 5 syslog.conf
man 8 syslogd
Devdas Bhagat
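
Added example, not part of the thread: a check of which syslog.conf rules fire for a message logged at local6.alert, and whether any of them forwards it to another host, which is the syslogd-side setting the reply points to. It models classic sysklogd selector syntax only; the sample config and the host loghost.example.com are constructed placeholders.

```python
# Priority names in increasing severity, as in sysklogd's syslog.conf(5).
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample config; loghost.example.com is a placeholder host.
SAMPLE_CONF = """\
*.info;mail.none;local6.none    /var/log/messages
local6.alert                    @loghost.example.com
local6.=debug                   /var/log/snort-debug.log
"""

def _rank(name):
    name = name.lower()
    return LEVELS.index(ALIASES.get(name, name))

def line_selects(selectors, facility, level):
    """Apply the ';'-separated selectors left to right, later ones overriding."""
    selected = False
    for sel in selectors.split(";"):
        facs, _, prio = sel.strip().rpartition(".")
        if not {facility, "*"} & set(facs.split(",")):
            continue                      # selector names other facilities
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "none":
            selected = False              # facility excluded on this line
        elif prio == "*" or (_rank(level) == _rank(prio) if exact
                             else _rank(level) >= _rank(prio)):
            selected = not negate         # "!" clears instead of sets
    return selected

def actions_for(conf_text, facility, level):
    """Return the action field of every rule that fires for facility.level."""
    actions = []
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue                      # blank line, comment, or no action
        if line_selects(parts[0], facility, level):
            actions.append(parts[1].strip())
    return actions

def remote_targets(conf_text, facility, level):
    """Hosts that facility.level is forwarded to ('@host' actions)."""
    return [a[1:] for a in actions_for(conf_text, facility, level) if a.startswith("@")]

if __name__ == "__main__":
    print(remote_targets(SAMPLE_CONF, "local6", "alert"))
```

On the receiving host, sysklogd has to be started with -r to accept messages from the network.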