<snip>
-----------------------------------------------------
If snort is logging to syslog, then you need to configure your syslogd to forward the traffic to the other host. Once Snort dumps the traffic to /dev/log, it is not the responsibility of Snort to send it elsewhere.
man 5 syslog.conf
man 8 syslogd
-----------------------------------------------------
</snip>
The point is /var/log/messages gets logs with all priorities and facilities.
The default priority and facility for snort is log_auth and log_alert, which causes syslog to log it in /var/log/secure.
I want snort to log alerts with priority local6 and facility alert.
Then my syslog would redirect all syslogs with priority local6 (based on a rule I write in syslog.conf) to a listener (netforensics agent).
So while I get logs in /var/log/messages, I am not able to send it to the file or location I want and with the priority and facility I want.
===== ninad purohit ninadonline(at)yahoo(dot)co(dot)in have a nice day :-)
On 24/02/05 00:56 -0800, Ninad Purohit wrote:
<snip>
> I want snort to log alerts with priority local6 and facility alert
Please prove that snort is not logging to local6.alert
> Then my syslog would redirect all syslogs with priority local6 (based on a rule I write in syslog.conf) to a listener (netforensics agent)
Please show the relevant line from syslog.conf
Devdas Bhagat
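
One way to answer the "prove it" request above, as an added example that is not part of the original thread: decode the `<PRI>` header of a captured syslog message (PRI = facility * 8 + severity, per RFC 3164) and test it against a classic syslog.conf selector. The sample messages, the function names and the `*.info` selector are constructed for illustration.

```python
import re

# Facility and severity codes from RFC 3164 (only the ones this thread touches).
FACILITIES = {"kern": 0, "user": 1, "auth": 4, "authpriv": 10, "local6": 22}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
FAC_NAMES = {v: k for k, v in FACILITIES.items()}
SEV_NAMES = {v: k for k, v in SEVERITIES.items()}
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity) names from a raw syslog message."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid <PRI> header")
    fac, sev = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    return FAC_NAMES.get(fac, str(fac)), SEV_NAMES[sev]


def selector_matches(selector, facility, severity):
    """Classic syslog.conf rule: 'fac.sev' matches that severity and anything more urgent."""
    sel_fac, sel_sev = selector.split(".")
    if sel_fac not in ("*", facility):
        return False
    if sel_sev == "*":
        return True
    if sel_sev == "none":
        return False
    return SEVERITIES[severity] <= SEVERITIES[sel_sev]


# Constructed sample messages: a PRI header followed by made-up alert text.
SAMPLES = [
    "<33>snort: [1:1000001:1] constructed test alert {TCP} 192.0.2.10:1234 -> 192.0.2.20:80",
    "<177>snort: [1:1000001:1] constructed test alert {TCP} 192.0.2.10:1234 -> 192.0.2.20:80",
]

if __name__ == "__main__":
    for line in SAMPLES:
        fac, sev = decode_pri(line)
        print(f"{fac}.{sev:<6} "
              f"local6.alert={selector_matches('local6.alert', fac, sev)} "
              f"*.info={selector_matches('*.info', fac, sev)}")
```

A catch-all selector such as `*.info` matches both samples, while `local6.alert` matches only the message whose PRI decodes to facility local6.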