[Snort-users] Re: Project PigRoast and logging...
Jason.Haar at ...294...
Tue Oct 10 23:04:18 EDT 2000
On Tue, Oct 10, 2000 at 01:17:51PM -0700, Max Vision wrote:
> syslog-ng http://www.balabit.hu/products/syslog-ng/
> ssyslog http://www.core-sdi.com/english/slogging/ssyslog.html (defunct)
> msyslog http://www.core-sdi.com/english/slogging/modular-dl.htm (new)
> SRS http://www.w00w00.org/files/SRS/
> It seems that short of special Snort output plugins (possibly snortnet?),
> the simplest way to collect and analyze alerts is by pooling syslog
> messages to a central loghost, then post-processing those logs with a tool
> such as snortsnarf (http://www.silicondefense.com/snortsnarf/).
Whoa people! Don't forget snort already has MySQL support!
Why bother with grotty old syslog when you can have several snort servers
dumping to the same SQL server?
I mean syslog is UDP and lossy, etc, etc....
Unix/Network Specialist, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417