Message: 9
Date: Thu, 24 Feb 2005 18:40:45 +0530
From: Devdas Bhagat devdas@dvb.homelinux.org
Subject: Re: [ILUG-BOM] Re snort trouble
To: "GNU/Linux Users Group, Mumbai, India" linuxers@mm.ilug-bom.org.in
Message-ID: 20050224184045.A1936@evita.devdas.geek
Content-Type: text/plain; charset=us-ascii

On 24/02/05 00:56 -0800, Ninad Purohit wrote:
<snip>
> i want snort to log alerts with priority local6 and
> facility alert
Please prove that snort is not logging to local6.alert
> then my syslog would redirect all syslogs with priority local6 (based on
> a rule i write in syslog.conf) to a listener ( netforensics agent)
Please show the relevant line from syslog.conf
the line from syslog is
    local6 @202.X.X.X
i even tried logging it to a separate file with
    local6 /var/log/snort.log

the line from snort.conf is
    output alert_syslog: LOG_LOCAL6 LOG_ALERT

but if i try file logging tail -f shows no logs coming in and i see no udp packets going to the destination host on port 514 in ethereal if i try forwarding it to a different host
===== ninad purohit ninadonline(at)yahoo(dot)co(dot)in have a nice day :-)
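
An added example, not written by either poster: syslog.conf(5) selectors have the form facility.priority, and `LOG_LOCAL6 LOG_ALERT` makes snort log as local6.alert. The sketch below models classic sysklogd-style matching (an assumption, since the thread does not name the syslog daemon) and reports which entries of a constructed sample would receive such a message; the paths beyond those quoted above and `loghost.example` are hypothetical.

```python
# Added example: simplified model of syslog.conf selector matching ('!' unsupported).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

# Constructed sample. Lines 1-2 are the entries quoted in the message; the
# remaining lines use hypothetical paths and a hypothetical loghost.example.
SAMPLE_CONF = """\
local6 @202.X.X.X
local6 /var/log/snort.log
local6.alert /var/log/snort-alert.log
local6.* @loghost.example
*.info;local6.none /var/log/messages
"""

def route(conf_text, facility, priority):
    """Return (actions, problems) for a message logged as facility.priority."""
    actions, problems = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            problems.append((lineno, "missing action"))
            continue
        mask, bad = set(), False  # severities of `facility` this line accepts
        for sel in fields[0].split(";"):
            facs, dot, prio = sel.partition(".")
            name = ALIASES.get(prio.lstrip("="), prio.lstrip("="))
            if not dot or name not in LEVELS + ["*", "none"]:
                problems.append((lineno, "selector %r is not facility.priority" % sel))
                bad = True
                break
            if not {facility, "*"} & set(facs.split(",")):
                continue  # selector is about some other facility
            if name == "none":
                mask = set()
            elif name == "*":
                mask = set(LEVELS)
            elif prio.startswith("="):
                mask.add(name)  # "=alert": exactly that severity
            else:
                mask.update(LEVELS[: LEVELS.index(name) + 1])  # it and more severe
        if not bad and priority in mask:
            actions.append(fields[1].strip())
    return actions, problems

if __name__ == "__main__":
    print(route(SAMPLE_CONF, "local6", "alert"))
```

On a live host the same question can be asked without snort in the loop by sending a test message with `logger -p local6.alert` and watching the configured file or UDP port 514.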