[Oisf-users] logging to syslog

Victor Julien victor at inliniac.net
Mon Dec 13 08:36:34 UTC 2010


Thomas Mueller wrote:
> hi
> 
> i'm using suricata 1.0.2 from debian package.
> 
> i've configured suricata to log to syslog (based on et suricata-open.yml):
> 
> logging:
>   ...
>   outputs:
>   ...
>   - syslog:
>       enabled: yes
>       facility: daemon
>       format: "[%i] <%d> -- "
> 
> 
> but nothing ever hits the syslog logfiles. fast.log and http.log are 
> getting filled with data.
> 
> What needs to be turned on to use syslog?

The syslog output you enabled is only applied to the output messages the
suricata engine produces at startup, shutdown, etc. Not to the alert
outputs. That is something we plan to add, just haven't gotten to that yet.

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
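As an added check that is not part of this thread, the script below shows a sensor owner what a syslog destination actually carries under the setup Thomas describes: it recognises engine messages in the configured `"[%i] <%d> -- "` format and fast.log alert lines, and flags the case where alerts exist in fast.log but none reached syslog. It assumes Suricata's format placeholders `%i` = process id and `%d` = log level, a conventional syslog header shape, and constructed sample lines.

```python
import re

# Engine-message format from the syslog config in the thread: "[%i] <%d> -- ".
# Assumption: in Suricata's format strings %i is the process id and %d the log
# level. The optional leading group matches the header syslogd itself prepends
# (timestamp, host, tag); all sample lines further down are constructed.
ENGINE_RE = re.compile(
    r"^(?:\w{3} +\d+ \d\d:\d\d:\d\d \S+ \S+: )?"
    r"\[(?P<pid>\d+)\] <(?P<level>\w+)> -- (?P<msg>.*)$"
)
# fast.log alert shape: "MM/DD/YYYY-HH:MM:SS.us  [**] [gid:sid:rev] msg [**] ..."
ALERT_RE = re.compile(
    r"^\d\d/\d\d/\d{4}-\d\d:\d\d:\d\d\.\d+\s+\[\*\*\]\s+\[\d+:\d+:\d+\]"
)

def classify(line):
    """Return ("engine", pid, level, msg), ("alert", None, None, line) or ("other", ...)."""
    m = ENGINE_RE.match(line)
    if m:
        return ("engine", int(m.group("pid")), m.group("level"), m.group("msg"))
    if ALERT_RE.match(line):
        return ("alert", None, None, line)
    return ("other", None, None, line)

def summarize(lines):
    """Count line kinds so it is visible what a log destination really receives."""
    counts = {"engine": 0, "alert": 0, "other": 0}
    for line in lines:
        counts[classify(line)[0]] += 1
    return counts

def alerts_missing(syslog_lines, fastlog_lines):
    """True when fast.log holds alerts but the syslog destination got none of them."""
    return summarize(fastlog_lines)["alert"] > 0 and summarize(syslog_lines)["alert"] == 0

# Constructed sample data: what syslog and fast.log would hold with the
# thread's config, where only engine messages go to syslog.
SYSLOG_SAMPLE = [
    "Dec 13 08:36:34 sensor suricata: [1234] <Info> -- all 4 packet processing threads, 3 management threads initialized, engine started.",
    "Dec 13 08:36:34 sensor suricata: [1234] <Notice> -- signal received, stopping engine.",
]
FASTLOG_SAMPLE = [
    "12/13/2010-08:36:34.123456  [**] [1:2000001:1] CONSTRUCTED test alert [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:51234 -> 198.51.100.5:80",
]

if __name__ == "__main__":
    print("syslog:", summarize(SYSLOG_SAMPLE), "fast.log:", summarize(FASTLOG_SAMPLE))
    print("alerts missing from syslog:", alerts_missing(SYSLOG_SAMPLE, FASTLOG_SAMPLE))
```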