Home page logo
/

snort logo Snort mailing list archives

Snort and Syslog
From: Phil Daws <uxbod () splatnix net>
Date: Thu, 4 Apr 2013 13:23:54 +0100 (BST)

Hi,

When Snort starts it writes specific information to /var/log/messages eg.

Apr  4 12:01:40 fw1 snort[2951]: [ Port Based Pattern Matching Memory ]
Apr  4 12:01:40 fw1 snort[2951]: +- [ Aho-Corasick Summary ] -------------------------------------
Apr  4 12:01:40 fw1 snort[2951]: | Storage Format    : Full-Q
Apr  4 12:01:40 fw1 snort[2951]: | Finite Automaton  : DFA
Apr  4 12:01:40 fw1 snort[2951]: | Alphabet Size     : 256 Chars
Apr  4 12:01:40 fw1 snort[2951]: | Sizeof State      : Variable (1,2,4 bytes)
Apr  4 12:01:40 fw1 snort[2951]: | Instances         : 294
Apr  4 12:01:40 fw1 snort[2951]: |     1 byte states : 275
Apr  4 12:01:40 fw1 snort[2951]: |     2 byte states : 19
Apr  4 12:01:40 fw1 snort[2951]: |     4 byte states : 0
Apr  4 12:01:40 fw1 snort[2951]: | Characters        : 249637

How can I redirect those messages to a separate file as it plays havoc with OSSEC :) I have tried adding snort.none to 
rsyslog.conf for /var/log/messages and then added snort.* to direct too another file. That did not work :(

Any thoughts please ?

------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault