snort-devel February 2014 archive
Main Archive Page > Month Archives  > snort-devel archives
snort-devel: [Snort-devel] Snort Standard out / error logging (

[Snort-devel] Snort Standard out / error logging (UNCLASSIFIED)

From: Wright, Jonathon S CTR (US) <jonathon.s.wright.ctr_at_nospam>
Date: Wed Feb 19 2014 - 20:38:06 GMT
To: "<>" <>

Classification: UNCLASSIFIED
Caveats: NONE

Hey list,

This might be an easy one. So
I know that you can change the logging directory with the -l option, but
that is specifically for snort alerts. I'm looking to change the standard
out and error logging directory.

Here is how I startup snort now:

/usr/sbin/snort -D -i em1 -u my_user -g my_group -c
/usr/local/etc/snort/snort.conf -l /var/data/snort -F
/usr/local/etc/snort/filter.conf -m 027 --pid-path /var/data/snort

I'm running RHEL 6.5 64bit with snort, and during startup, all the
information / warnings go to /var/log/messages. I want the standard out /
error messages (2&1) to go to something like /var/log/snort. I'm looking for
a similar solution for barnyard2 as well. Is it as simple as redirecting the
/etc/init.d/snortd startup to 2&1 >> /var/log/snort, or is there a CLI
option I can add to my startup line above to achieve the same thing?



Classification: UNCLASSIFIED
Caveats: NONE

Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.

Snort-devel mailing list

Please visit for the latest news about Snort!