From: Thorin (thorinoakenshieldmediaone.net)
Date: Fri Jan 26 2001 - 19:41:21 CST

    I believe the '-N' option turns off logging but alerts still work.
    I also believe command-line options override what you have defined
    in the conf file.

    You may want to remove '-N' and try again.

    --Thorin

    ----- Original Message -----
    From: "Peter Bates" <peter.bateslshtm.ac.uk>
    To: "snort-users" <snort-userslists.sourceforge.net>
    Sent: Friday, January 26, 2001 11:26
    Subject: Re: [Snort-users] Logging alerts two places at once

    >
    > Hello again all...
    >
    > >
    > > > >output syslog: LOG_AUTH LOG_ALERT
    > >> >output full: alert
    > >>
    > >> I was about to ask the same question (thanks Lance!)...
    > >>
    > >> I've got the above in my snort.conf, but no joy
    > >> in terms of the file logging...
    > > >
    > >
    > >You need to not specify -A and -s options on the command line. You
    > >should see a warning about command line options overriding the config
    > >file.
    >
    > Sorry to keep on about this, but it's still not working for me...
    >
    > My command-line options are:
    >
    > /usr/sbin/snort -u snort -g snort -de -D -i eth1 -N -c
    > /etc/snort-local/snort.conf
    >
    > The lines in my snort.conf are:
    >
    > output syslog: LOG_ALERT
    > output full: alert
    >
    > and I get the full alerts in the file fine...
    >
    > But no syslogging!
    >
    > I can specify -A full and -s on the command-line
    > as well, and get an either/or situation, but not both...
    >
    > If I switch to
    >
    > output alert_syslog: LOG_ALERT
    > (as mentioned in snort.conf.dist)
    >
    > I get syslogging, but then no file log...
    >
    >
    > Am I missing something?
    >
    > --
    > ---------------------------------------------------------------->
    > Peter Bates, Systems Support Officer, Network Support Team.
    > London School of Hygiene & Tropical Medicine.
    > Telephone:0207-927 2124 / Fax:0207-436 5389 / Pager: 07625 255362
    >
    > _______________________________________________
    > Snort-users mailing list
    > Snort-userslists.sourceforge.net
    > Go to this URL to change user options or unsubscribe:
    > http://lists.sourceforge.net/lists/listinfo/snort-users
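
An added example, not part of either post and not Snort's own code: a small checker that lists the `output` lines in a snort.conf and reports which command-line flags the posters say interfere with them. The flag notes restate the thread's claims, and `TAKES_ARG`, `parse_flags`, `output_directives` and `review` are hypothetical names covering only the flags seen in this thread.

```python
import shlex

# Constructed from the thread: the command line and conf lines Peter Bates posted.
THREAD_CMD = ("/usr/sbin/snort -u snort -g snort -de -D -i eth1 -N "
              "-c /etc/snort-local/snort.conf")
THREAD_CONF = "output syslog: LOG_ALERT\noutput full: alert\n"

# What the posters say about each flag; restated, not verified against Snort.
FLAG_NOTES = {
    "A": "-A on the command line overrides the conf file's output lines",
    "s": "-s on the command line overrides the conf file's output lines",
    "N": "-N turns off logging; alerts are said to still work",
}
# Assumption: flags that consume a value, limited to those in the thread.
TAKES_ARG = set("ugicA")

def parse_flags(cmdline):
    """Return the single-letter flags present, splitting bundles such as -de."""
    words, flags, i = shlex.split(cmdline)[1:], set(), 0
    while i < len(words):
        word = words[i]
        i += 1
        if len(word) < 2 or not word.startswith("-"):
            continue
        for pos, ch in enumerate(word[1:], start=1):
            flags.add(ch)
            if ch in TAKES_ARG:
                if pos == len(word) - 1:  # value is the next word, skip it
                    i += 1
                break                     # otherwise the value is glued on
    return flags

def output_directives(conf_text):
    """Return (plugin, arguments) for each 'output' line, ignoring comments."""
    found = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("output "):
            plugin, _, args = line[len("output "):].partition(":")
            found.append((plugin.strip(), args.strip()))
    return found

def review(cmdline, conf_text):
    """Pair the conf file's output lines with notes on flags that affect them."""
    flags = parse_flags(cmdline)
    notes = [FLAG_NOTES[f] for f in sorted(flags) if f in FLAG_NOTES]
    return output_directives(conf_text), notes

if __name__ == "__main__":
    outputs, notes = review(THREAD_CMD, THREAD_CONF)
    print(outputs, notes, sep="\n")
```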
