Re: #124169: snort: Lack of logging to /var/log/secure in default setup & log permissions

[David B Harris <eelf@sympatico.ca>]

On Sat, 2 Feb 2002 19:30:15 +1100
Andrew Lau <netsnipe@debianplanet.org> wrote:
> GNOME front-end to snort. Razorback requires access to /var/log/secure
> in order to provide real time monitoring of snort's status. After
> reading the documentation to snort it would seem that snort is meant
> to log by default to /var/log/secure as enabled by -s in the man page
> and the option you specified in /etc/snort/snort.conf:
> 
>        -s     Send alert messages to  syslog.   On  Linux  boxen,
>               they will appear in /var/log/secure, /var/log/messages
> 	      on many other platforms.

This is a syslog thing, by the looks of it.

snort can only specify the facility and level of the messages it sends
to syslog. syslog then decides where to put the messages.

-- 
 .--=====-=-=====-=========----------=====-----------=-=-----=.
/    David Barclay Harris            Aut agere, aut mori.      \
\        Clan Barclay              Either action, or death.    /
 `-------======-------------=-=-----=-===-=====-------=--=----'