Project

General

Profile

Actions

Feature #7535

open

Snort messages filling System / General. Should have its own log.

Added by Daryl Morse over 4 years ago. Updated almost 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Snort
Target version:
-
Start date:
05/10/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

I'm running 2.3.4. Snort is completely burying other messages in System / General. It should have its own log.

Actions #1

Updated by Bill Meeks over 4 years ago

Do you have it configured to log alerts to the system log? Otherwise, it does not put too much info into the system log other than some messages from the scheduled rule updates. Logging alerts to the sytem log is not the best idea because that can cause a lot of stuff in the log. Better to use Barnyard2 and either its remote syslog option or one of the SQL DB options there.

Bill

Actions #2

Updated by Daryl Morse over 4 years ago

As far as I know, anything pertaining to logging is set to the default. It is set to send alerts to the system log. For something as verbose as snort, it would be beneficial if it had its own log category. I'm unfamiliar with barnyard.

Actions #3

Updated by Jared Dillard almost 3 years ago

  • Category set to Snort
Actions

Also available in: Atom PDF