On Sat, Feb 02, 2002 at 04:02:56PM -0500, Matt Zimmerman wrote: > I think what you are asking is for a line like this to be added to > /etc/snort/snort.conf by default: > > output alert_syslog: LOG_AUTH LOG_ALERT > > By default, there don't seem to be any output plugins selected. > Personally, I use a line like the above. Yes this is what I would like to be the Debian default in snort. Does enabling this option actually work on your box? However, as I stated in my first email to debian-devel, I have tried this option already and so far have not seen a single snort related incident being reported in auth.log despite portscanning myself several times both locally and remotely. So is there a bug in snort's syslog notification capabilities? Yours sincerely, Andrew "Netsnipe" Lau -- --------------------------------------------------------------------------- * Andrew 'Netsnipe' Lau DebianPlanet.org Editor & Comp.Sci, UNSW * * "apt-get into it" Debian GNU/Linux New Maintainer * * <netsnipe @/ debianplanet.org> <awhl435 @/ cse.unsw. edu.au> * * PGP: 1024D/2E8B68BD: 0B77 73D0 4F3B F286 63F1 9F4A 9B24 C07D 2E8B 68BD * ---------------------------------------------------------------------------
Attachment:
pgpqVjeh3rUtR.pgp
Description: PGP signature