NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Snort IDS> 2005-09

RE: [Snort-users] log to syslog but not to /var/log/snort/ directory

From: Andre' M. DiMino (tsamp77optonline.net)
Date: Fri Sep 02 2005 - 08:07:09 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

One option is to configure your syslog service to log to a remote syslog
server.
Configure your syslog.conf file to send logs on the facility you set up for
snort to the remote server.

For example in snort.conf, you may have something like:
output alert_syslog: LOG_LOCAL3 LOG_ALERT

In your syslog.conf file, you could have:
local3.alert 192.168.10.10

You will need to configure your remote syslog server to accept the logs.

Also, this is quite a bit different if you are using syslog-ng.

HTH !

-----Original Message-----
From: snort-users-adminlists.sourceforge.net
[mailto:snort-users-adminlists.sourceforge.net] On Behalf Of Pablo Nebrera
Sent: Friday, September 02, 2005 6:46 AM
To: snort-userslists.sourceforge.net
Subject: [Snort-users] log to syslog but not to /var/log/snort/ directory

I want to log to syslog and it works perfectly with the syslog output
plugin. But I have space problems and I don´t want to use the
/var/log/snort/ directory.

Is that possible??

I have used the -N options and it doesn´t work. With this option doesn´t use
that directory but it doesn´t log to syslog either.

What option do I have to use??

Thanks for your help

Pablo

-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO September
19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile &
Plan-Driven Development * Managing Projects & Teams * Testing & QA Security
* Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users

-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]