[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: #124169: snort: Lack of logging to /var/log/secure in default setup & log permissions



On Sat, Feb 02, 2002 at 04:02:56PM -0500, Matt Zimmerman wrote:

> I think what you are asking is for a line like this to be added to
> /etc/snort/snort.conf by default:
>
> output alert_syslog: LOG_AUTH LOG_ALERT
>
> By default, there don't seem to be any output plugins selected.
> Personally, I use a line like the above.

Yes this is what I would like to be the Debian default in snort. Does
enabling this option actually work on your box? However, as I stated
in my first email to debian-devel, I have tried this option already
and so far have not seen a single snort related incident being
reported in auth.log despite portscanning myself several times both
locally and remotely. So is there a bug in snort's syslog notification
capabilities?

Yours sincerely,
Andrew "Netsnipe" Lau

-- 
---------------------------------------------------------------------------
* Andrew 'Netsnipe' Lau          DebianPlanet.org Editor & Comp.Sci, UNSW *
*   "apt-get into it"                     Debian GNU/Linux New Maintainer *
*     <netsnipe @/ debianplanet.org>    <awhl435 @/ cse.unsw. edu.au>     * 
* PGP: 1024D/2E8B68BD: 0B77 73D0 4F3B F286 63F1  9F4A 9B24 C07D 2E8B 68BD *
---------------------------------------------------------------------------

Attachment: pgpo4gtCgNrxs.pgp
Description: PGP signature


Reply to: