Can't get Snort to log to /var/log/secure

Post by Don Heffern » Thu, 09 Jan 2003 11:34:36



I run Snort on my home network.  I have always just dumped the alerts
to /var/log/secure and read them with snort2html.  I recently upgraded
the system (to RH 8.0) and installed the latest release of snort.

I tried to launch snort with the command line I used to use:
snort -s -c /etc/snort/snort.conf -D
(I am almost certain that I used to use the -s alone to log to
/var/log/secure) but that results in snort complaining and quitting.
I tried it with:
snort -s /var/log/secure ...  and
snort -s /var/log ...
in both cases snort runs but I don't get any alerts.

When I run snort with the regular logging:
snort -l /var/log/snort -c ....
it works fine, but then I can't use the simple snort2html approach to
reading the alerts.

I set the output in snort.conf to:
output alert syslog: LOG_AUTH LOG_ALERT
but that doesn't help.

Am I missing something simple?

Don