snort-devel February 2014 archive

[Snort-devel] Snort Standard out / error logging (UNCLASSIFIED)

From: Wright, Jonathon S CTR (US) <jonathon.s.wright.ctr_at_nospam>
Date: Wed Feb 19 2014 - 20:38:06 GMT
To: "<snort-devel@lists.sourceforge.net>" <snort-devel@lists.sourceforge.net>

Classification: UNCLASSIFIED
Caveats: NONE

Hey list,

This might be an easy one. So I know that you can change the logging
directory with the -l option, but that is specifically for snort alerts.
I'm looking to change the standard out and error logging directory.

Here is how I start up snort now:

/usr/sbin/snort -D -i em1 -u my_user -g my_group \
    -c /usr/local/etc/snort/snort.conf -l /var/data/snort \
    -F /usr/local/etc/snort/filter.conf -m 027 \
    --pid-path /var/data/snort --nolock-pidfile

I'm running RHEL 6.5 64-bit with snort 2.9.5.6, and during startup, all the
information / warnings go to /var/log/messages. I want the standard out /
error messages (2&1) to go to something like /var/log/snort. I'm looking for
a similar solution for barnyard2 as well. Is it as simple as redirecting the
/etc/init.d/snortd startup to 2&1 >> /var/log/snort, or is there a CLI
option I can add to my startup line above to achieve the same thing?

Thanks!

JW
