[Snort-users] Re: Project PigRoast and logging...

Jason Haar Jason.Haar at ...294...
Tue Oct 10 23:04:18 EDT 2000


On Tue, Oct 10, 2000 at 01:17:51PM -0700, Max Vision wrote:
> syslog-ng  http://www.balabit.hu/products/syslog-ng/
> ssyslog    http://www.core-sdi.com/english/slogging/ssyslog.html (defunct)
> msyslog    http://www.core-sdi.com/english/slogging/modular-dl.htm (new)
> SRS        http://www.w00w00.org/files/SRS/
> 
> It seems that short of special Snort output plugins (possibly snortnet?), 
> the simplest way to collect and analyze alerts is by pooling syslog 
> messages to a central loghost, then post-processing those logs with a tool 
> such as snortsnarf (http://www.silicondefense.com/snortsnarf/).

Whoa people! Don't forget snort already has MySQL support! 

Why bother with grotty old syslog when you can have several snort servers
dumping to the same SQL server?

I mean syslog is UDP and lossy, etc, etc....

-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
               


