<localfile>
<log_format>snort-fast</log_format>
<location>/var/log/snort/alert</location>
</localfile>
I'll change it to snort-full and see if that fixes it.
The snort log entry was added automatically on installing 0.9.1a (now upgraded to 0.9.2) - does the installation system attempt to auto-detect log types?
On 04/10/06, Daniel Cid <[EMAIL PROTECTED]> wrote:
Something is wrong. It looks to me like ossec is reading your
snort logs as syslog. Can you show us your /var/ossec/etc/ossec.conf
file? You need to make sure that the "log_format" is set to snort-full
for this log.
It needs to be:
<localfile>
<log_format>snort-full</log_format>
<location>/var/log/snort/alert</location>
</localfile>
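
The check below is an added example, not part of the thread and not OSSEC code: it compares the `log_format` of each snort `<localfile>` entry with the format the alert file is actually written in. The function names, the `read_lines` callback, and the sample config and alert text are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Snort "fast" alerts are one line: timestamp first, then [**] [gid:sid:rev].
FAST_RE = re.compile(r"^\d{2}/\d{2}(/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+\s+\[\*\*\]\s+\[\d+:\d+:\d+\]")
# Snort "full" alerts span several lines; the first starts with [**] [gid:sid:rev].
FULL_RE = re.compile(r"^\[\*\*\]\s+\[\d+:\d+:\d+\]")

# Constructed sample input (not taken from the thread's systems).
SAMPLE_CONF = """<ossec_config>
  <localfile>
    <log_format>snort-fast</log_format>
    <location>/var/log/snort/alert</location>
  </localfile>
</ossec_config>"""
SAMPLE_FULL_ALERT = """[**] [1:1000001:1] CONSTRUCTED sample rule [**]
[Classification: Misc activity] [Priority: 3]
10/04-09:15:02.123456 192.0.2.10:40000 -> 192.0.2.20:22
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:60 DF
"""
SAMPLE_FAST_ALERT = ("10/04-09:15:02.123456  [**] [1:1000001:1] CONSTRUCTED sample rule [**] "
                     "[Classification: Misc activity] [Priority: 3] {TCP} "
                     "192.0.2.10:40000 -> 192.0.2.20:22\n")

def detect_snort_format(lines):
    """Return 'snort-fast', 'snort-full', or None from the first recognisable alert line."""
    for line in lines:
        line = line.strip()
        if FAST_RE.match(line):
            return "snort-fast"
        if FULL_RE.match(line):
            return "snort-full"
    return None

def check_localfiles(ossec_conf_xml, read_lines):
    """Return (path, configured, detected) for each snort-* entry whose
    log_format differs from the file's format. read_lines(path) is a
    caller-supplied (hypothetical) function yielding that file's lines."""
    mismatches = []
    for lf in ET.fromstring(ossec_conf_xml.strip()).iter("localfile"):
        configured = (lf.findtext("log_format") or "").strip()
        path = (lf.findtext("location") or "").strip()
        if not configured.startswith("snort-"):
            continue
        detected = detect_snort_format(read_lines(path))
        if detected and detected != configured:
            mismatches.append((path, configured, detected))
    return mismatches

if __name__ == "__main__":
    print(check_localfiles(SAMPLE_CONF, lambda p: SAMPLE_FULL_ALERT.splitlines()))
```

On a real host, pass `lambda p: open(p, errors="replace")` as `read_lines` and the contents of `/var/ossec/etc/ossec.conf` as the first argument.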
