[Snort-users] Win32 port and Syslog

Frank Knobbe FKnobbe at ...649...
Sat Nov 18 18:52:56 EST 2000


Greetings,

I wanted to make a recommendation to Snort here in this list in
hopes of gathering some support :)

I'm running the Win32 port of Snort and am pretty happy with it. I
have a script running that monitors the log file, and depending on
the event logged, it will reconfigure my firewall to block the
offender (Snort is running as an Attack Detection System outside the
firewall. Please don't start a thread on that, we just had that in
another list :)

Anyway, what I would really like is the ability to send Syslog
messages. Unfortunately the Win32 port does not do that, instead it
logs to the EventLog. Can't this be made an option? I think the user
should be given the choice to log to the EventLog or to send a Syslog
packet to a Syslog server. Marty, is that something you can add in
the next version please?

Sending a Syslog packet would help greatly in automating events since
a script can watch for and receive Syslog packets, and then trigger
an action. This mechanism would be quicker than monitoring the log
file. Any supporters for the optional Syslog under Win32?

Regards,
Frank


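Added example (not part of Frank's message and not Snort code): a sketch of the kind of receiver the post describes, a script that takes Syslog datagrams from the sensor and picks the address to block. The sensor address, the protected ranges, the alert layout ("src -> dst") and the block() hook are all assumptions made for illustration.

```python
import ipaddress
import re
import socket

SENSOR = "192.0.2.10"      # assumption: address the Snort sensor sends from
OWN_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]  # never block these
MAX_SEVERITY = 4           # act on syslog severities 0 (emerg) to 4 (warning)

PRI = re.compile(rb"^<(\d{1,3})>")
# Assumed alert layout: "... src_ip[:port] -> dst_ip[:port]"
FLOW = re.compile(rb"(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? -> \d{1,3}(?:\.\d{1,3}){3}")

def offender(datagram, peer):
    """Return the source address to block for one syslog datagram, or None."""
    if peer != SENSOR:     # a filter only: UDP source addresses can be forged
        return None
    pri = PRI.match(datagram)
    if pri is None or int(pri.group(1)) > 191:
        return None
    if int(pri.group(1)) % 8 > MAX_SEVERITY:   # PRI = facility * 8 + severity
        return None
    flow = FLOW.search(datagram)
    if flow is None:
        return None
    try:
        src = ipaddress.ip_address(flow.group(1).decode("ascii"))
    except ValueError:     # e.g. 999.1.1.1
        return None
    if any(src in net for net in OWN_NETS):
        return None        # a forged alert must not make us block ourselves
    return str(src)

def block(ip):
    """Hypothetical hook: replace with the firewall's own reconfiguration call."""
    print("would block", ip)

def serve(host="0.0.0.0", port=514):
    """Receive syslog datagrams and act once per offending address."""
    seen = set()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, (peer, _) = sock.recvfrom(2048)
            ip = offender(data, peer)
            if ip and ip not in seen:
                seen.add(ip)
                block(ip)

if __name__ == "__main__":
    serve()
```

Because Syslog over UDP is unauthenticated, the receiver refuses to act on alerts naming its own ranges; otherwise a forged datagram could turn the automatic blocking against the network it protects.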


