I've just noticed log files /var/log/snort/syslog (and their rotated copies) which are new since 6.5 was released. They contain an exact duplicate of the snort entries in /var/log/messages from when snort starts up and this is wrong to me. The cause appears to be a new file, /etc/rsyslog.d/snort.conf, which sends the messages to the new file. This file is missing a last line:
& ~
which would stop the logs then going to /var/log/messages. If in doubt, see /etc/rsyslog.d/ipsec.conf for how it should be done. When I get time this afternoon I'll raise a bug report.