[Snort-users] Project PigRoast and logging...
jason at ...418...
Tue Oct 10 10:53:18 EDT 2000
I believe you can log to multiple machines at once. So you can take 3 separate machines who are doing independent logging and have those log to one machine and just echo such alerts to the console or run your log parser on those logs.
Doesn't seem like something extremely special. I may be wrong but that's my current understanding.
Joe Magee wrote:
> Hey max, I haven't really introduced myself before however I'm a fan of your site. I was wondering what thoughts you have about Project PigRoast thing I'm working on. have you seen something like this done before? do you currently do any remote logging or log collaboration? I'm trying to play with the best way to go about doing this.
> What I would like to do is have all my snort machines log back to a single host. then have that host either run snortsnarf and present all log material in html format or transport the logs somewhere where they can be viewed. One of my most important goals is to be able to hand the monitoring job over to a "sysops" type of person who will watch the logs and respond accordingly, so what I need to do is get the data a "console" for monitoring so I can then start writing respond and react type of policies.
> any ideas?
> Joe Magee
> Information Security Engineer
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
More information about the Snort-users