Project

General

Profile

Actions
Copy link

Feature #7535

open

Snort messages filling System / General. Should have its own log.

Added by Daryl Morse almost 7 years ago. Updated about 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Snort
Target version:
-
Start date:
05/10/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

I'm running 2.3.4. Snort is completely burying other messages in System / General. It should have its own log.

Actions
Copy link
 #1

Updated by Bill Meeks almost 7 years ago

Do you have it configured to log alerts to the system log? Otherwise, it does not put too much info into the system log other than some messages from the scheduled rule updates. Logging alerts to the sytem log is not the best idea because that can cause a lot of stuff in the log. Better to use Barnyard2 and either its remote syslog option or one of the SQL DB options there.

Bill

Actions
Copy link
 #2

Updated by Daryl Morse almost 7 years ago

As far as I know, anything pertaining to logging is set to the default. It is set to send alerts to the system log. For something as verbose as snort, it would be beneficial if it had its own log category. I'm unfamiliar with barnyard.

Actions
Copy link
 #3

Updated by Jared Dillard about 5 years ago

  • Category set to Snort
Actions
Copy link

Also available in: Atom PDF