
Snort Forums Archive

bug - alert_syslog does not work on win32 platform version 2.4.2


Posted by capivara on December 14, 2005 10:22:15

I am running Snort 2.4.2 on XP SP2.
When I configure the alert_syslog to go to a known working syslog server (remote machine), I only get the alerts on the local Windows event log (application). I tried IP without default port and IP with port and get the same results.

Following is the section I configured. I have looked in the forums and have not found anyone who has successfully used the alert_syslog on Windows.

# Step #3: Configure output plugins
#
# Uncomment and configure the output plugins you decide to use. General
# configuration for output plugins is of the form:
#
# output :
#
# alert_syslog: log alerts to syslog
# ----------------------------------
# Use one or more syslog facilities as arguments. Win32 can also optionally
# specify a particular hostname/port. Under Win32, the default hostname is
# '127.0.0.1', and the default port is 514.
#
# [Unix flavours should use this format...]
# output alert_syslog: LOG_AUTH LOG_ALERT
#
# [Win32 can use any of these formats...]
# output alert_syslog: LOG_AUTH LOG_ALERT
# output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
# output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
output alert_syslog: host=159.69.38.85:514, LOG_AUTH LOG_ALERT
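
Added example (not part of the original posts, and not Snort's own parser): a small check that reads an `output alert_syslog:` line in the Win32 format described in the comments above, works out the syslog PRI value the collector should see, and can send one UDP test datagram so the network path can be tested separately from Snort. The function names, the probe text and the reduced facility/priority tables are assumptions made for this example.

```python
import socket

# Standard syslog codes (RFC 3164); subset sufficient for the lines on this page.
FACILITIES = {"LOG_USER": 1, "LOG_DAEMON": 3, "LOG_AUTH": 4, "LOG_AUTHPRIV": 10,
              "LOG_LOCAL0": 16, "LOG_LOCAL7": 23}
SEVERITIES = {"LOG_EMERG": 0, "LOG_ALERT": 1, "LOG_CRIT": 2, "LOG_ERR": 3,
              "LOG_WARNING": 4, "LOG_NOTICE": 5, "LOG_INFO": 6, "LOG_DEBUG": 7}


def parse_alert_syslog(line):
    """Return (host, port, pri) for an 'output alert_syslog:' line."""
    directive, _, args = line.partition(":")
    if directive.split() != ["output", "alert_syslog"]:
        raise ValueError("not an alert_syslog output line")
    host, port = "127.0.0.1", 514  # Win32 defaults stated in the snort.conf comments
    args = args.strip()
    if args.startswith("host="):
        target, _, args = args[len("host="):].partition(",")
        host, sep, port_text = target.strip().partition(":")
        if sep:
            port = int(port_text)
    facility = severity = None
    for token in args.split():
        if token in FACILITIES:
            facility = FACILITIES[token]
        elif token in SEVERITIES:
            severity = SEVERITIES[token]
        else:
            raise ValueError(f"unrecognised token: {token}")
    if facility is None or severity is None:
        # Strictness of this checker (assumption), not a statement about Snort's defaults.
        raise ValueError("need one facility and one priority")
    return host, port, facility * 8 + severity  # PRI = facility * 8 + severity


def send_probe(host, port, pri, text="alert_syslog path test"):
    """Send one UDP syslog datagram with the given PRI; return the bytes sent."""
    payload = f"<{pri}>snort-probe: {text}".encode("ascii")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, (host, port))
    return payload


if __name__ == "__main__":
    # The directive from the post above; parsing only, nothing is sent here.
    print(parse_alert_syslog(
        "output alert_syslog: host=159.69.38.85:514, LOG_AUTH LOG_ALERT"))
```

UDP gives no delivery confirmation, so the result of `send_probe` has to be read on the collector: if the probe line arrives there while Snort's alerts still appear only in the local event log, the path and the collector are working and the problem is on the Snort side.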

Posted by DarrenInNY on October 24, 2006 11:25:22

I am using version 2.6.0.2 and cannot get this to log to my syslog server either. Has this bug been addressed or at least acknowledged?

Posted by capivara on October 24, 2006 11:52:47

Last time I contacted them I got the impression they were not going to fix it.
I would contact them and see if there is a way to report bugs. They may not consider it a bug, but there is no reason it cannot be made to work.
If you do find out any other info, I would be grateful if you would post a reply. Thank you.