Actions
Feature #7535
openSnort messages filling System / General. Should have its own log.
Status:
New
Priority:
Normal
Assignee:
-
Category:
Snort
Target version:
-
Start date:
05/10/2017
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Description
I'm running 2.3.4. Snort is completely burying other messages in System / General. It should have its own log.
Updated by Bill Meeks over 7 years ago
Do you have it configured to log alerts to the system log? Otherwise, it does not put too much info into the system log other than some messages from the scheduled rule updates. Logging alerts to the sytem log is not the best idea because that can cause a lot of stuff in the log. Better to use Barnyard2 and either its remote syslog option or one of the SQL DB options there.
Bill
Updated by Daryl Morse over 7 years ago
As far as I know, anything pertaining to logging is set to the default. It is set to send alerts to the system log. For something as verbose as snort, it would be beneficial if it had its own log category. I'm unfamiliar with barnyard.
Actions