Re: [Snort-users] log to syslog but not to /var/log/snort/ directory
From: Pablo Nebrera (pablonebrera eneotecnologia.com)
Date: Wed Sep 07 2005 - 04:45:34 CDT
I solved it :-D
I use the following output plugins:
# Step #3: Configure output plugins
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_unified: filename /dev/null
output log_unified: filename /dev/null
Using the last two plugins, it doesn't create anything in
the /var/log/snort directory and only logs to syslog ;-)
Thanks for your help
Pablo
On Mon, 05-09-2005 at 12:20 -0400, Jason Brvenik wrote:
> I suspect you need to disable some of the output methods.
>
> What is the result of grep output </path/to/snort.conf>
>
> Pablo Nebrera wrote:
> > Yes, I know I can send the logs to a remote host and I even use it. But it
> > still creates the /var/log/snort directory with a lot of logs there.
> >
> >
> > How can I avoid it??
> >
> >
> > Thanks
> >
> >
> > Pablo
> >
> > On Fri, 02-09-2005 at 09:07 -0400, Andre' M. DiMino wrote:
> >
> >>One option is to configure your syslog service to log to a remote syslog
> >>server.
> >>Configure your syslog.conf file to send logs on the facility you set up for
> >>snort to the remote server.
> >>
> >>For example in snort.conf, you may have something like:
> >>output alert_syslog: LOG_LOCAL3 LOG_ALERT
> >>
> >>In your syslog.conf file, you could have:
> >>local3.alert	@192.168.10.10
> >>
> >>You will need to configure your remote syslog server to accept the logs.
> >>
> >>Also, this is quite a bit different if you are using syslog-ng.
> >>
> >>HTH !
> >>
> >>-----Original Message-----
> >>From: snort-users-admin lists.sourceforge.net
> >>[mailto:snort-users-admin lists.sourceforge.net] On Behalf Of Pablo Nebrera
> >>Sent: Friday, September 02, 2005 6:46 AM
> >>To: snort-users lists.sourceforge.net
> >>Subject: [Snort-users] log to syslog but not to /var/log/snort/ directory
> >>
> >>I want to log to syslog and it works perfectly with the syslog output
> >>plugin. But I have space problems and I don't want to use the
> >>/var/log/snort/ directory.
> >>
> >>Is that possible??
> >>
> >>I have used the -N option and it doesn't work. With this option it doesn't use
> >>that directory but it doesn't log to syslog either.
> >>
> >>What option do I have to use??
> >>
> >>Thanks for your help
> >>
> >>
> >>Pablo
> >>
> >>
> >>
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
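
An added example, not part of the original thread and not Snort's own code: a Python check that reads the "output" directives Jason's grep would show, reports which ones still write a file, and confirms that the alert_syslog facility and priority have a matching remote-forwarding line in syslog.conf. The sample configs are constructed, and the code assumes alert_syslog lists the facility first and the priority second, as in the lines quoted in the thread.

```python
import re

# Constructed sample inputs modelled on the directives quoted in the thread.
SNORT_CONF = """\
# Step #3: Configure output plugins
output alert_syslog: LOG_LOCAL3 LOG_ALERT
output alert_unified: filename /dev/null
output log_unified: filename snort.log, limit 128
"""
SYSLOG_CONF = "local3.alert\t@192.168.10.10\n"
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*(?::\s*(.*))?$")

def parse_outputs(conf_text):
    """Return (plugin, args) for every uncommented 'output' directive."""
    found = []
    for line in conf_text.splitlines():
        m = OUTPUT_RE.match(line.split("#", 1)[0].rstrip())
        if m:
            found.append((m.group(1), (m.group(2) or "").strip()))
    return found

def classify(plugin, args):
    """Where one directive sends data: syslog, discard, file:<name> or unknown."""
    if plugin == "alert_syslog":
        return "syslog"
    m = re.search(r"\bfilename\s+([^\s,]+)", args)
    if m:
        return "discard" if m.group(1) == "/dev/null" else "file:" + m.group(1)
    return "unknown"

def syslog_selectors(conf_text):
    """Turn alert_syslog arguments (LOG_LOCAL3 LOG_ALERT) into 'local3.alert'."""
    sels = []
    for plugin, args in parse_outputs(conf_text):
        names = [a[4:].lower() for a in args.split() if a.startswith("LOG_")]
        if plugin == "alert_syslog" and len(names) >= 2:
            sels.append(names[0] + "." + names[1])  # assumes facility, then priority
    return sels

def forwarded(selector, syslog_conf):
    """True if syslog.conf sends exactly this selector to a remote host (@host)."""
    rules = [l.split("#", 1)[0].split() for l in syslog_conf.splitlines()]
    return any(len(r) == 2 and r[0] == selector and r[1].startswith("@") for r in rules)

def audit(snort_conf, syslog_conf):
    """Return (directives still writing files, selectors with no remote forward)."""
    dests = [(p, classify(p, a)) for p, a in parse_outputs(snort_conf)]
    files = [d for d in dests if d[1].startswith("file:")]
    missing = [s for s in syslog_selectors(snort_conf) if not forwarded(s, syslog_conf)]
    return files, missing
```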