LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Snort not send Alert to remote syslog server
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-28-2018, 10:09 AM   #1
yackluminoso
LQ Newbie
 
Registered: Jul 2016
Posts: 15

Rep: Reputation: Disabled
Snort not send Alert to remote syslog server

Snort run and log alert in file /var/log/snort/alert but the alert not are send to remote syslog server. I followed the instructions in the snort manual and rsyslog but nothing. Individually Snort and RSyslo work correctly but it seems that Snort can not pass the alerts to rsyslog. If I use logger everything works.

In rsyslog.conf ==> authpriv.alert @XXX.ZZZ.VVV.RRR:514 and the test


logger -p authpriv.alert "testXXX" work.

Snort log alert in /var/log/snort/alert but nothing arrives at the remote syslog server
 
Old 03-29-2018, 04:21 AM   #2
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 2,167

Rep: Reputation: 449Reputation: 449Reputation: 449Reputation: 449Reputation: 449
Have you tried sending manually an email to your own email address?

Check whether it will work or not.

If it doesn't work then I guess you know what you should do and why snort does not work.

Good luck!!

Hint: if it doesn't work setup sendmail or whatever email client in your distro.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
shell Script to execute multiple times,if not succeed send an email alert with the server status nareshreddyn Programming 4 09-25-2017 02:26 PM
Enable Audit logs to send logs to syslog-ng (remote server) Iyyappan Linux - Server 5 01-07-2014 04:15 PM
[SOLVED] Send syslog log to rsyslog server? is possible? JohnV2 Slackware 9 10-13-2011 01:37 PM
[SOLVED] I can send syslog log to rsyslog server? how? JohnV2 Linux - Server 6 10-13-2011 08:55 AM
send syslog to remote server problem td3201 Linux - Server 11 09-14-2009 09:20 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:25 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration