2.6.1 alert_syslog

This module sends alerts to the syslog facility (much like the -s command line switch). This module also allows the user to specify the logging facility and priority within the Snort config file, giving users greater flexibility in logging alerts.

2.6.1.1 Available Keywords

2.6.1.1.1 Facilities

• log_auth
• log_authpriv
• log_daemon
• log_local0
• log_local1
• log_local2
• log_local3
• log_local4
• log_local5
• log_local6
• log_local7
• log_user

2.6.1.1.2 Priorities

• log_emerg
• log_alert
• log_crit
• log_err
• log_warning
• log_notice
• log_info
• log_debug

2.6.1.1.3 Options

• log_cons
• log_ndelay
• log_perror
• log_pid

2.6.1.2 Format

verbatim516#

rawhtml155#

As WIN32 does not run syslog servers locally by default, a hostname and port can be passed as options. The default host is 127.0.0.1. The default port is 514.

rawhtml156#

verbatim517#

2.6.1.3 Example

verbatim518#