Logged In: NO

additiona information!

swatch version 3.1.1
other log can be taken by swatch, for example /var/log/messages and /var/log/
secure. Just not can not be taken snort alert.

snort openning script as follows

swatch -c /etc/swatchrc/.swatchrc_snort_alert -t /var/log/snort/alert

snort version up on source, not rpm.