[Oisf-users] logging to syslog

Victor Julien victor at inliniac.net
Tue Dec 14 21:24:06 UTC 2010


Thomas Mueller wrote:
>>> What needs to be turned on to use syslog?
>> The syslog output you enabled is only applied to the output messages the
>> suricata engine produces at startup, shutdown, etc. Not to the alert
>> outputs. That is something we plan to add, just haven't gotten to that
>> yet.
> 
> 
> OK, but there are no messages at all logged to syslog. No startup
> messages etc.
> 
> I do start it like this:
> 
> # suricata -c /etc/suricata/suricata-open.yaml -i eth2 -D
> [20003] 13/12/2010 -- 08:36:52 - (suricata.c:423) <Info> (main) -- This is Suricata version 1.0.2
> [20003] 13/12/2010 -- 08:36:52 - (util-cpu.c:167) <Info> (UtilCpuPrintSummary) -- CPUs Summary: 
> [20003] 13/12/2010 -- 08:36:52 - (util-cpu.c:169) <Info> (UtilCpuPrintSummary) -- CPUs online: 1
> [20003] 13/12/2010 -- 08:36:52 - (util-cpu.c:171) <Info> (UtilCpuPrintSummary) -- CPUs configured 1
> Initialization syslog logging with format "[%i] <%d> -- ".
> [20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "AlertFastLog" registered.
> [20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "AlertDebugLog" registered.
> [20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "AlertPrelude" registered.
> [20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "AlertUnifiedLog" registered.
> [20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "AlertUnifiedAlert" registered.
> [20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "Unified2Alert" registered.
> [20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "LogHttpLog" registered.
> 
> In /var/log/daemon.log I can't find any message from suricata.
> 
> Testing with "logger -p daemon.info test" works - "test" is appended to daemon.log.

Hi Thomas, thanks for your report. There turned out to be a bug.
Attached is Anoop's patch to fix it. Alternatively, you can use our
current git master.

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-always-read-config.h-header-file-first.patch
Type: application/mbox
Size: 1922 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20101214/f7c7f756/attachment.mbox>
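To make the thread's point concrete (the syslog output covers the engine's own startup/shutdown messages, and in the build discussed even those never arrived), here is an added example that is not part of the thread or of Suricata itself. It parses console lines in the format quoted above and re-renders them in the syslog line format Suricata announced (`"[%i] <%d> -- "`), so you can see what should have appeared in daemon.log and check whether anything at or above a minimum level did. The placeholder meanings (`%i` thread id, `%t` time, `%f:%l` file and line, `%d` level, `%n` function) are inferred from the quoted console lines, the level ordering is illustrative, and the sample lines are constructed from the ones in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches the default console format seen in the thread:
# "[%i] %t - (%f:%l) <%d> (%n) -- message"  (placeholder meanings assumed from the sample lines)
LINE_RE = re.compile(
    r"^\[(?P<tid>\d+)\] (?P<time>\d{2}/\d{2}/\d{4} -- \d{2}:\d{2}:\d{2}) - "
    r"\((?P<file>[^:]+):(?P<line>\d+)\) <(?P<level>\w+)> \((?P<func>\w+)\) -- (?P<msg>.*)$"
)

# Illustrative severity order, lowest to highest (assumption: not Suricata's exact table).
LEVEL_ORDER = ["Debug", "Config", "Info", "Notice", "Warning", "Error", "Critical"]


@dataclass
class LogEvent:
    tid: int
    time: str
    file: str
    line: int
    level: str
    func: str
    msg: str


def parse_line(line: str) -> Optional[LogEvent]:
    """Parse one console line; return None for lines that are not engine log records."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    return LogEvent(int(m["tid"]), m["time"], m["file"], int(m["line"]),
                    m["level"], m["func"], m["msg"])


def render(ev: LogEvent, fmt: str = "[%i] <%d> -- ") -> str:
    """Render an event with a Suricata-style format prefix followed by the message."""
    prefix = (fmt.replace("%i", str(ev.tid))
                 .replace("%t", ev.time)
                 .replace("%f", ev.file)
                 .replace("%l", str(ev.line))
                 .replace("%d", ev.level)
                 .replace("%n", ev.func))
    return prefix + ev.msg


def select_for_syslog(lines: List[str], min_level: str = "Info") -> List[str]:
    """Return the syslog-format messages that lines at or above min_level would produce."""
    threshold = LEVEL_ORDER.index(min_level)
    out = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # e.g. the "Initialization syslog logging ..." banner, which is not a record
        if ev.level in LEVEL_ORDER and LEVEL_ORDER.index(ev.level) >= threshold:
            out.append(render(ev))
    return out


# Constructed sample input, copied from the console output quoted in the thread.
SAMPLE_LINES = [
    "[20003] 13/12/2010 -- 08:36:52 - (suricata.c:423) <Info> (main) -- This is Suricata version 1.0.2",
    "[20003] 13/12/2010 -- 08:36:52 - (util-cpu.c:167) <Info> (UtilCpuPrintSummary) -- CPUs Summary:",
    "[20003] 13/12/2010 -- 08:36:52 - (util-cpu.c:169) <Info> (UtilCpuPrintSummary) -- CPUs online: 1",
    "[20003] 13/12/2010 -- 08:36:52 - (util-cpu.c:171) <Info> (UtilCpuPrintSummary) -- CPUs configured 1",
    'Initialization syslog logging with format "[%i] <%d> -- ".',
    '[20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "AlertFastLog" registered.',
    '[20003] 13/12/2010 -- 08:36:52 - (output.c:60) <Info> (OutputRegisterModule) -- Output module "LogHttpLog" registered.',
]

if __name__ == "__main__":
    for msg in select_for_syslog(SAMPLE_LINES):
        print(msg)
```

Run against the captured console output of a Suricata start, the rendered lines are exactly what to grep for in daemon.log; an empty daemon.log while this prints records is the symptom Thomas reported, and the per-level filter shows whether a too-high minimum level, rather than the bug, is hiding messages.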

