Snort and logging

[Lars Norman Søndergaard <Lars.Sondergaard () intellinet dk>]

All,

 

I'm running Snort 1.8.3 on Win2K - my problem is that I would like to log
alerts to a syslog server (on another machine) but I would still like to
have alert.ids

I assumed that I should do something like

 

 {

   type alert

   output alert_syslog: LOG_AUTH LOG_ALERT

   output alert_full: alert-full.txt

 }

 

It seems that I need to specify snort -l c:\snort\log, otherwise snort.exe
will complain about /var/log/

 

What am I doing wrong here?


Thanks 
Lars