[Oisf-users] logging to syslog

Thomas Mueller thomas at chaschperli.ch
Mon Dec 13 08:54:45 UTC 2010


>> 
>> What needs to be turned on to use syslog?
> 
> The syslog output you enabled is only applied to the output messages the
> suricata engine produces at startup, shutdown, etc. Not to the alert
> outputs. That is something we plan to add, just haven't gotten to that
> yet.


OK, but there are no messages at all logged to syslog. No startup
messages etc.

I do start it like this:

# suricata -c /etc/suricata/suricata-open.yaml -i eth2 -D
[20003] 13/12/2010 -- 08:36:52 - (suricata.c:423) <Info> (main) -- This is Suricata version 1.0.2
[20003] 13/12/2010 -- 08:36:52 - (util-cpu.c:167) <Info> (UtilCpuPrintSummary) -- CPUs Summary: 
[20003] 13/12/2010 -- 08:36:52 - (util-cpu.c:169) <Info> (UtilCpuPrintSummary) -- CPUs online: 1
[20003] 13/12/2010 -- 08:36:52 - (util-cpu.c:171) <Info> (UtilCpuPrintSummary) -- CPUs configured 1
Initialization syslog logging with format "[%i] <%d> -- ".
[20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "AlertFastLog" registered.
[20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "AlertDebugLog" registered.
[20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "AlertPrelude" registered.
[20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "AlertUnifiedLog" registered.
[20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "AlertUnifiedAlert" registered.
[20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "Unified2Alert" registered.
[20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "LogHttpLog" registered.

In /var/log/daemon.log I can't find any message from suricata.

Testing with "logger -p daemon.info test" works - "test" is appended to daemon.log.

- Thomas
