Re: #124169: snort: Lack of logging to /var/log/secure in default setup & log permissions
On Sat, 2 Feb 2002 19:30:15 +1100
Andrew Lau <netsnipe@debianplanet.org> wrote:
> GNOME front-end to snort. Razorback requires access to /var/log/secure
> in order to provide real time monitoring of snort's status. After
> reading the documentation to snort it would seem that snort is meant
> to log by default to /var/log/secure as enabled by -s in the man page
> and the option you specified in /etc/snort/snort.conf:
>
> -s Send alert messages to syslog. On Linux boxen,
> they will appear in /var/log/secure, /var/log/messages
> on many other platforms.
This is a syslog thing, by the looks of it.
snort can only specify the facility and level of the messages it sends
to syslog. syslog then decides where to put the messages.
--
.--=====-=-=====-=========----------=====-----------=-=-----=.
/ David Barclay Harris Aut agere, aut mori. \
\ Clan Barclay Either action, or death. /
`-------======-------------=-=-----=-===-=====-------=--=----'
Reply to: