Snort mailing list archives
Re: Unrecognised syslog facility/priority in snort
From: Mayur Patil <ram.nath241089 () gmail com>
Date: Fri, 2 Aug 2013 10:42:04 +0530
Hello Pravin,

I have tried your steps. I am getting snort logs when snort restarts only on the remote rSyslog server.

The problems I am facing are:

1. I am not getting logs of alert on remote rSyslog server.
2. When I tried command

   snort -c /etc/snort/snort.conf -i eth0

   snort is able to start in NIDS mode but it still gives error of unrecognised syslog facility host: ip:port

What am I doing wrong?

Please guide, Thanks!
--
Cheers,
Mayur
On Fri, Aug 2, 2013 at 1:05 AM, praveen_recker . <praveen_recker () sify com> wrote:

Hi Mayur,

Try to follow steps given in below link.

http://darshanams.blogspot.in/2011/05/snort-logging-alerts-to-syslog-server.html

Best Regards,
Praveen darshanam

On Thu, Aug 1, 2013 at 4:04 PM, Mayur Patil <ram.nath241089 () gmail com> wrote:

Hello,

I have done a lot of googling but found posts mostly regarding Barnyard; not specific to Snort.

I also tried various blog posts for remote rSyslog exportation but not getting answer for this.

I set logs exportation settings as per manual of snort

output alert_syslog: host=10.1.1.1:514, <facility> <priority> <options>

So, in snort.conf file

#syslog
output alert_syslog: host=ip:port, LOG_AUTH LOG_ALERT

it gives error of unrecognised facility when I run snort in NIDS mode.

But it does not give error for

output alert_syslog: LOG_AUTH LOG_ALERT

What is going wrong? Please guide. Thanks!!

P.S.: Snort.conf file: http://pastebin.com/dkMRrfxp
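An added example, not part of the original thread or of Snort's own code: a small checker for the `output alert_syslog` lines quoted above, which flags the tokens that would trigger the "unrecognised syslog facility/priority" error. The keyword sets are the ones listed for `alert_syslog` in the Snort 2.x manual, which describes `host=` as an option for Windows builds; the function name, the `windows_build` switch and the token-splitting rule are assumptions made for this example.

```python
import re

# Keyword sets as listed for alert_syslog in the Snort 2.x manual.
FACILITIES = {"LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER",
              *(f"LOG_LOCAL{i}" for i in range(8))}
PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
              "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}
OPTIONS = {"LOG_CONS", "LOG_NDELAY", "LOG_PERROR", "LOG_PID"}

# Matches only active (uncommented) alert_syslog output lines.
LINE_RE = re.compile(r"^\s*output\s+alert_syslog\s*:?\s*(.*)$", re.I)


def check_alert_syslog(conf_text, windows_build=False):
    """Return (line_no, token, reason) for each token expected to be rejected."""
    problems = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        # Assumption: arguments are separated by whitespace, '|' or ','.
        for tok in filter(None, re.split(r"[\s|,]+", m.group(1))):
            if tok.lower().startswith("host="):
                if not windows_build:
                    problems.append(
                        (no, tok, "host= is only parsed on Windows builds"))
                continue
            if tok.upper() not in FACILITIES | PRIORITIES | OPTIONS:
                problems.append(
                    (no, tok, "unrecognised facility/priority/option"))
    return problems


# Constructed sample: the two forms quoted in the thread.
SAMPLE = """\
#syslog
output alert_syslog: host=ip:port, LOG_AUTH LOG_ALERT
output alert_syslog: LOG_AUTH LOG_ALERT
"""

if __name__ == "__main__":
    for no, tok, why in check_alert_syslog(SAMPLE):
        print(f"snort.conf line {no}: {tok!r}: {why}")
```

On a non-Windows sensor the alerts go to the local syslog daemon, so delivery to a remote server is a matter of that daemon's forwarding configuration rather than of `snort.conf`.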
