ClearOS Bug Tracker


ID: 0001511
Project: ClearOS
Category: app-intrusion-detection - Intrusion Detection
View Status: public
Date Submitted: 2014-01-10 11:31
Last Update: 2015-11-23 12:38
Reporter: NickH
Assigned To: user2
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: no change required
Platform:
OS:
OS Version:
Product Version: 6.5.0
Target Version:
Fixed in Version:
Summary: 0001511: Duplicate Snort logging since 6.5
Description: The files /var/log/snort/syslog (and their rotated copies), which are new since 6.5 was released, contain an exact duplicate of the snort entries in /var/log/messages from when snort starts up and this is wrong to me. The cause appears to be a new file, /etc/rsyslog.d/snort.conf, which sends the messages to the new file. This file is missing a trailing "& ~" which would stop the files going to /var/log/messages. If in doubt have a look at /etc/rsyslog.d/ipsec.conf for how it should be done.

Note this is heavily related to bugs 1263 and 1264.
Tags: No tags attached.

- Notes
(0001128)
user2
2014-01-10 11:49

This is by design. We did not want to remove any logging for ClearOS 6 users since there are some customers that have already deployed reporting tools pointing to /var/log/messages. Similarly, the new (unreleased) IDS/IPS reporting tool needs to avoid parsing large/runaway /var/log/messages log files caused by other issues (e.g. spurious kernel logs).

For ClearOS 7, we have already planned to remove the duplication - tracker 0001264
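
The routing behaviour discussed in this issue, as an added example that is not code from the tracker thread or from ClearOS: a small Python model of rsyslog's legacy property-based filters, run over two constructed fragments, one without and one with the trailing `& ~` discard. The fragment contents, the function names, and the assumption that the /etc/rsyslog.d include is evaluated before the catch-all rule writing /var/log/messages are illustrative and not taken from the ClearOS files.

```python
import re

# Constructed legacy-syntax rsyslog fragments (assumed, not the ClearOS files).
WITHOUT_DISCARD = """\
# send snort messages to their own file
:programname, isequal, "snort"  /var/log/snort/syslog
"""
WITH_DISCARD = """\
:programname, isequal, "snort"  /var/log/snort/syslog
& ~
"""

FILTER = re.compile(r'^:(\w+),\s*(!?\w+),\s*"([^"]*)"\s+(\S+)')
DISCARD = re.compile(r"^&\s*(~|stop)$")  # newer rsyslog spells '~' as 'stop'


def parse_rules(text):
    """Parse property-based filters and note which are followed by a discard."""
    rules, last = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FILTER.match(line)
        if m:
            last = dict(zip(("prop", "op", "value", "target"), m.groups()), discard=False)
            rules.append(last)
        elif DISCARD.match(line) and last is not None:
            last["discard"] = True  # '&' chains onto the preceding filter
        else:
            last = None  # unrelated rule: a later '&' belongs to it, not to us
    return rules


def destinations(program, fragment, default="/var/log/messages"):
    """Files a message from `program` lands in, assuming `fragment` is
    evaluated before a catch-all rule that writes to `default`."""
    written = []
    for r in parse_rules(fragment):
        if (r["prop"], r["op"], r["value"]) == ("programname", "isequal", program):
            written.append(r["target"])
            if r["discard"]:
                return written  # discarded: later rules never see the message
    return written + [default]


def missing_discard(fragment):
    """Targets of filter rules that write to a file but never discard."""
    return [r["target"] for r in parse_rules(fragment) if not r["discard"]]
```

`destinations("snort", WITHOUT_DISCARD)` returns both files, which is the duplication reported here; anything that reads /var/log/messages for Snort entries stops seeing them once the discard is present.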

- Issue History
Date Modified Username Field Change
2014-01-10 11:31 NickH New Issue
2014-01-10 11:49 user2 Note Added: 0001128
2014-01-10 11:49 user2 Status new => resolved
2014-01-10 11:49 user2 Resolution open => no change required
2014-01-10 11:49 user2 Assigned To => user2
2015-11-23 12:38 user2 Status resolved => closed