Re: [Snort-users] Snort not logging to syslog

in your /etc/syslog.conf, where do you have auth logging to?

Joel


On Sep 14, 2005, at 3:06 AM, Dahlmann, Stephan wrote:

> Hi all,
>
> i have installed snort on a debian box with two sensors.
> Snort is running fine, BASE is running fine and i'm currently  
> working on the further configuration (signatures and so on).
>
> One important thing for us is to get some kind of eMail if there is  
> an alert. After searching for some possibilities to implement that  
> feature i found fwlogwatch.
>
> I now have running both snort-mysql and fwlogwatch, installed with  
> debian packets of Sarge (stable).
>
> The problem is: snort logs to MySQL, but not to syslog.
> I activated
> output alert_syslog: LOG_AUTH LOG_ALERT
> in my snort.conf but there are no entries made in /var/log/syslog.  
> I can only see the starting / stopping messages of snort...
>
> Is there a problem when both ouput plugins (database and  
> alert_syslog) are activated?
> I read about starting snort with -s parameter, but if I do that  
> snort throws an error that parameters are overriding config or so.  
> Sorry, don't remember exactly.
>
> fwlogwatch should be setup correctly, i can view the web interface  
> and i get the daily reports (which are empty). But because snort  
> doesn't log to syslog it can't send me an eMail... ;)
>
> It would be great if someone could give me a hint on whats wrong.  
> If more information is needed please tell me!
>
> Thanks for your time,
> stephan
>
>
> P.S.: this is my first post in a mailing list so i hope i did  
> everything correctly ;)