Snort mailing list archives
Re: Syslog Help
From: beenph <beenph () gmail com>
Date: Wed, 20 Mar 2013 08:02:47 -0400
On Wed, Mar 20, 2013 at 7:39 AM, Kevin Ross <kevross33 () googlemail com> wrote:
> Ok, I have tried and nothing on loopback :( I am sure this is working because other logging formats work, so it is just not syslog. I have attached my recent barnyard2.conf file, and I think I already posted what it is running as.
Hi Kevin,

If you try to log to local syslog for testing purposes, does it work?

output alert_syslog_full: sensor_name XXXX, local

Also, in your test examples I have seen that you try to log with LOG_LOCAL1.
You need to use the log_facility directive before LOG_LOCAL1:

output alert_syslog_full: sensor_name XXXXXXX, server XXX.XXX.XXX.XXX, log_facility LOG_LOCAL1

See the output plugin directives in barnyard2.conf:
# syslog_full
#-------------------------------
# Available as both a log and alert output plugin. Used to output data via TCP/UDP or LOCAL, i.e. syslog()
# Arguments:
#   sensor_name $sensor_name - unique sensor name
#   server $server - server the device will report to
#   local - if defined, ignore all remote information and use syslog() to send message.
#   protocol $protocol - protocol device will report over (tcp/udp)
#   port $port - destination port device will report to (default: 514)
#   delimiters $delimiters - define a character that will delimit message sections, ex: "|" will use | as message section delimiter. (default: |)
#   separators $separators - define field separator included in each message, ex: " " will use space as field separator. (default: [:space:])
#   operation_mode $operation_mode - default | complete : default mode is compatible with the default snort syslog message, complete prints more information such as the raw packet (hexed)
#   log_priority $log_priority - used by local option for syslog priority call. (man syslog(3) for supported options) (default: LOG_INFO)
#   log_facility $log_facility - used by local option for syslog facility call. (man syslog(3) for supported options) (default: LOG_USER)
#   payload_encoding - (default: hex) support hex or ascii, for log_syslog_full only.
-elz
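An added example, not part of the thread or of barnyard2 itself: a small Python checker for the `output alert_syslog_full:` argument list documented above, using only the defaults and allowed values from those comments, so a misconfigured line (such as a bare `LOG_LOCAL1` without the `log_facility` directive) is caught before restarting barnyard2. The sensor name and server address in the sample lines are constructed placeholders.

```python
import re

# Defaults and allowed values taken from the barnyard2.conf comments above.
DEFAULTS = {"port": "514", "delimiters": "|", "separators": " ",
            "operation_mode": "default", "log_priority": "LOG_INFO",
            "log_facility": "LOG_USER", "payload_encoding": "hex"}
VALUED = set(DEFAULTS) | {"sensor_name", "server", "protocol"}
ALLOWED = {"protocol": {"tcp", "udp"}, "operation_mode": {"default", "complete"},
           "payload_encoding": {"hex", "ascii"}}

def parse_syslog_full(line):
    """Parse one 'output alert_syslog_full: ...' (or log_syslog_full) line.

    Returns (args, findings): args holds every directive with defaults filled
    in; findings lists what would stop the plugin doing what the admin meant.
    """
    m = re.match(r"^\s*output\s+(?:alert|log)_syslog_full\s*:\s*(.*)$", line)
    if not m:
        raise ValueError("not a syslog_full output line")
    args, findings = dict(DEFAULTS), []
    for item in filter(None, (s.strip() for s in m.group(1).split(","))):
        key, _, value = item.partition(" ")
        value = value.strip().strip('"')
        if key == "local" and not value:
            args["local"] = True          # flag directive, takes no value
        elif key in VALUED and value:
            args[key] = value
        elif key.startswith("LOG_") and not value:
            # The mistake in the thread: a facility name with no directive in
            # front of it, so the default LOG_USER facility stays in effect.
            findings.append(f"'{key}' needs 'log_facility {key}' "
                            f"(or 'log_priority {key}')")
        else:
            findings.append(f"unrecognised argument '{item}'")
    for key, allowed in ALLOWED.items():
        if key in args and args[key] not in allowed:
            findings.append(f"{key} must be one of {sorted(allowed)}")
    if args.get("local") and "server" in args:
        findings.append("local is set, so server/protocol/port are ignored")
    return args, findings

if __name__ == "__main__":
    # Constructed sample lines; sensor name and address are placeholders.
    for sample in ("output alert_syslog_full: sensor_name sensor1, server 192.0.2.10, LOG_LOCAL1",
                   "output alert_syslog_full: sensor_name sensor1, server 192.0.2.10, log_facility LOG_LOCAL1",
                   "output alert_syslog_full: sensor_name sensor1, local"):
        args, findings = parse_syslog_full(sample)
        print(sample, "->", findings or "ok", "| facility:", args["log_facility"])
```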