<snip>
-----------------------------------------------------
If snort is logging to syslog, then you need to configure your syslogd to forward the traffic to the other host. Once Snort dumps the traffic to /dev/log, it is not the responsibility of Snort to send it elsewhere.

man 5 syslog.conf
man 8 syslogd
-----------------------------------------------------
</snip>
The point is /var/log/messages gets logs with all priorities and facilities.
The default priority and facility for snort is log_auth and log_alert, which causes syslog to log it in /var/log/secure.
I want snort to log alerts with priority local6 and facility alert.
Then my syslog would redirect all syslogs with priority local6 (based on a rule I write in syslog.conf) to a listener (netforensics agent).
So while I get logs in /var/log/messages, I am not able to send it to the file or location I want and with the priority and facility I want.
===== ninad purohit ninadonline(at)yahoo(dot)co(dot)in have a nice day :-)
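An added example, not part of the original message: a small model of how a traditional syslog.conf selector decides where a message goes, applied to the routing discussed above. The rule lines, the `loghost.example` forwarding target and the function names are constructed for illustration, and the matcher assumes plain sysklogd-style selectors without the `=` and `!` modifiers.

```python
# Added illustration: syslog.conf selector matching for a Snort alert.
# Snort 2.x side (alert_syslog output plugin), set in snort.conf:
#   output alert_syslog: LOG_LOCAL6 LOG_ALERT
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def pri(facility, severity):
    """PRI value carried in the message: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def selector_matches(selector, facility, severity):
    """Evaluate 'fac[,fac].level[;...]' left to right.

    A level matches that severity and anything more severe (lower number);
    'none' excludes the facility; a later part overrides an earlier one.
    """
    matched = False
    for part in selector.split(";"):
        facs, level = part.strip().rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue  # this part says nothing about our facility
        if level == "none":
            matched = False
        else:
            matched = level == "*" or SEVERITIES[severity] <= SEVERITIES[level]
    return matched


# Constructed syslog.conf rules (selector, action), not the poster's file.
RULES = [
    ("*.info;mail.none;authpriv.none;local6.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("local6.alert", "@loghost.example"),  # '@host' forwards over the network
]


def destinations(facility, severity, rules=RULES):
    """Return every action whose selector matches the message."""
    return [dest for sel, dest in rules if selector_matches(sel, facility, severity)]


if __name__ == "__main__":
    print(pri("local6", "alert"), destinations("local6", "alert"))
    print(destinations("authpriv", "alert"))
```

Without the `local6.none` part, the catch-all `*.info` selector also matches the alert, so it is written to /var/log/messages as well as being forwarded.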