Thanks David sir for the quick help, and sorry for the late reply because my setup is in college :)

> what does a log message that is lost (i.e. something that wireshark sees
> but doesn't get written to the logs) look like?

In wireshark it appears as http://fpaste.org/45338/

> how's it formatted,

The export format set up by the snort application is LOG_AUTH LOG_ALERT

> what IP is it from, etc?

It is from the rsyslog client machine [on which snort is installed], i.e. 172.20.54.211

Seeking guidance, Thanks!!

--
Cheers,
Mayur

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
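The message above reaches the rsyslog host with facility LOG_AUTH and severity LOG_ALERT, and a common reason for "seen in wireshark but never written" is a selector that does not cover that facility/severity pair. As an added example that is not part of this thread, the following decodes the PRI of a captured syslog line and evaluates it against classic rsyslog selector fields; the sample line, its pid and the rules are constructed, only the client IP comes from the message.

```python
"""Decode the PRI of a syslog message captured on the wire and test it against
classic rsyslog selectors. Added example; the sample line is constructed."""
import re

FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11, "local0": 16, "local1": 17,
              "local2": 18, "local3": 19, "local4": 20, "local5": 21,
              "local6": 22, "local7": 23}
# Lower number = more severe (RFC 3164 section 4.1.1).
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
FAC_NAME = {v: k for k, v in FACILITIES.items()}
SEV_NAME = {v: k for k, v in SEVERITIES.items()}

def decode_pri(msg):
    """Return (facility, severity) names from the leading <PRI> field."""
    m = re.match(r"<(\d{1,3})>", msg)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI field")
    pri = int(m.group(1))
    return FAC_NAME.get(pri // 8, str(pri // 8)), SEV_NAME[pri % 8]

def rule_matches(rule, facility, severity):
    """Evaluate a selector field such as '*.info;mail.none;authpriv.none'.
    Selectors accumulate left to right; 'none' drops a facility again,
    'level' means that level and anything more severe, '=level' is exact."""
    matched = False
    for sel in rule.split(";"):
        fac_part, lvl_part = sel.strip().rsplit(".", 1)
        facs = fac_part.split(",")
        if "*" not in facs and facility not in facs:
            continue
        if lvl_part == "none":
            matched = False
        elif lvl_part == "*":
            matched = True
        elif lvl_part.startswith("="):
            matched = matched or SEVERITIES[severity] == SEVERITIES[lvl_part[1:]]
        else:
            matched = matched or SEVERITIES[severity] <= SEVERITIES[lvl_part]
    return matched

def would_be_logged(msg, rule):
    """True if a rule with this selector field would act on the message."""
    return rule_matches(rule, *decode_pri(msg))

# Constructed sample: LOG_AUTH (4) * 8 + LOG_ALERT (1) gives PRI 33.
SAMPLE = "<33>Oct  1 10:00:00 172.20.54.211 snort[2001]: constructed test alert"
```

Run `would_be_logged(SAMPLE, rule)` with each selector field from the receiving rsyslog.conf; a message that returns False for every rule that writes to a file is received but never logged.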

