Bro logging

Hello, I'm using Bro 1.0 with some success at high rates of traffic. I
would like to configure some automatic handling of
signiture/portscans/etc by parsing log output with SEC and syslog-ng. I set 'redef syslog_alarms = T;' in my site policy after which Bro failed to start giving this warning:

line 51 (syslog_alarms): error, "redef" used but not previously defined

I tried setting 'global enable_syslog = T &redef;' instead, but it didnt seem to put any of the warnings from signitures in syslog.

What is the proper way of doing this? Thanks.

Sorry, but the manual is not correct re: 'redef syslog_alarms = T;'

However by default all alarms should be going to syslog, (see bro.init: const enable_syslog = T &redef;)

You have alerts in your alarm file that are not in syslog? Maybe check you syslog.conf file?