Snort mailing list archives

RE: Setting up snort to syslog diffrent priority's

From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Tue, 29 Apr 2003 12:12:25 -0400

Check out the Snort docs [0], but the option you're probably looking for is:


    output alert_syslog: <facility> <priority> <options>

- Christopher

[0] http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.1


-----Original Message-----
From: Jason A. Kates [mailto:jason () kates org]
Sent: Tuesday, April 29, 2003 12:26 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Setting up snort to syslog diffrent priority's


What I am looking to do is to have snort do remote logging via syslog.

Currently all of the syslog messages received from my snort
installation are being logged with a syslog level of info.

I would like to map the snort Priorities to syslog levels and I don't
seem to see how to do it.

I would like to be able to setup a mapping such as:
snort priority: 1  to syslog level err
snort priority: 2  to syslog level warning
snort priority: 3  to syslog level notice


If my configurations or startup script would be of any use please let me
know. 
                        Thanks -Jason

-- 
----------------------------------------------------------------------------
Jason A. Kates (jason () kates org) 
Fax:    208-975-1514
============================================================================




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Setting up snort to syslog diffrent priority's Jason A. Kates (Apr 29)
- Re: Setting up snort to syslog diffrent priority's Erek Adams (Apr 29)
- <Possible follow-ups>
- RE: Setting up snort to syslog diffrent priority's L. Christopher Luther (Apr 29)