[Snort-users] Project PigRoast and logging...
agent33 at ...187...
Tue Oct 10 15:47:04 EDT 2000
See also SnortNet and ACID/AIRCERT. They are both working on projects that
sound very similar to this. No need to reinvent the wheel :)
Links to these projects should be on the snort website.
> -----Original Message-----
> From: Jason Boyer [mailto:jason at ...418...]
> Sent: Tuesday, October 10, 2000 9:53 AM
> To: me at ...297...
> Cc: Max Vision; snort-users at lists.sourceforge.net;
> arachnids at ...4...
> Subject: Re: [Snort-users] Project PigRoast and logging...
> I believe you can log to multiple machines at once. So you
> can take 3 separate machines who are doing independent
> logging and have those log to one machine and just echo such
> alerts to the console or run your log parser on those logs.
> Doesn't seem like something extremely special. I may be wrong
> but that's my current understanding.
> Joe Magee wrote:
> > Hey max, I haven't really introduced myself before however
> I'm a fan of your site. I was wondering what thoughts you
> have about Project PigRoast thing I'm working on. have you
> seen something like this done before? do you currently do any
> remote logging or log collaboration? I'm trying to play with
> the best way to go about doing this.
> > http://www.joemagee.com/projectpigroast.htm
> > What I would like to do is have all my snort machines log
> back to a single host. then have that host either run
> snortsnarf and present all log material in html format or
> transport the logs somewhere where they can be viewed. One of
> my most important goals is to be able to hand the monitoring
> job over to a "sysops" type of person who will watch the logs
> and respond accordingly, so what I need to do is get the data
> a "console" for monitoring so I can then start writing
> respond and react type of policies.
> > any ideas?
> > Thanks
> > Joe Magee
> > Information Security Engineer
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users