[Snort-users] Snort net problems

Aaron S. Carmichael aaron at ...532...
Sat Sep 30 11:30:25 EDT 2000


I have syslog send me the Alerts off site to my workstation. I use Kiwi's
Syslog Daemon there which has a number of nice features including paging and
email alerts.

Add something like this to your /etc/hosts file

yourdesktopIP		loghost

Add something like the following to your /etc/syslog.conf file

kern.crit                                               @loghost
*.alert                                                 @loghost
*.emerg                                                 @loghost
authpriv.*                                              @loghost

Get an unregistered version of Kiwi's syslog daemon and either register it or
not. More features if you do.
http://www.kiwi-enterprises.com/

Set it up.


Works quite well. I believe we are going to see different settings for Snort
soon that allow us to determine how Snort interacts with syslog, like whether
a certain rule should be logged to Auth.Alert or something less critical,
etc.



Aaron S. Carmichael
VP Information Technology
TimeCertain, LLC.
202-244-3243 (voice)
202-244-5694 (fax)
aaron at ...532...
http://www.timecertain.com



-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of k timm
Sent: Saturday, September 30, 2000 8:49 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort net problems


I tried installing snort net and had a ton of errors with the patch. Does
anyone have any ideas or clues? I am using source from snort 1.6-2. Is there
any other way to do remote logging of snort alerts?
Thanks in advance
   --  Kevin Timm
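
Added example, not part of the original messages: a small Python check of which syslog messages the four syslog.conf rules in the reply would forward to loghost. It assumes the classic "this priority or more severe" selector semantics, without the `=` and `!` extensions some syslog daemons add. The sample facility/priority pairs are constructed, and authpriv.alert as the pair Snort emits is an assumption.

```python
# Added example: evaluates classic syslog.conf selectors (facility.priority action).
# Severity names ordered most severe first, as in syslog(3).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The four forwarding rules from the post, with lowercase facility names.
CONF = """\
kern.crit     @loghost
*.alert       @loghost
*.emerg       @loghost
authpriv.*    @loghost
"""

def parse(conf):
    """Return a list of (selector, action) pairs, skipping blanks and comments."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            rules.append((selector.lower(), action.strip()))
    return rules

def selector_matches(selector, facility, severity):
    """'fac.pri' matches that facility at 'pri' or more severe; 'none' excludes it."""
    matched = False
    for part in selector.split(";"):  # a later part overrides an earlier one
        facs, pri = part.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue
        matched = pri != "none" and (
            pri == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(pri))
    return matched

def forwarded_to(conf, facility, severity):
    """Actions (here, remote hosts) that would receive this message."""
    return sorted({a for s, a in parse(conf) if selector_matches(s, facility, severity)})

if __name__ == "__main__":
    # Constructed test messages; authpriv.alert is assumed to be what Snort emits.
    for fac, sev in [("authpriv", "alert"), ("auth", "alert"), ("auth", "warning"),
                     ("kern", "err"), ("kern", "crit"), ("authpriv", "info")]:
        print(f"{fac}.{sev:8} -> {forwarded_to(CONF, fac, sev) or 'not forwarded'}")
```

Running it shows that anything logged below alert on a facility other than authpriv or kern stays local, so an alert logged at a less critical level would need its own selector line to reach the remote host.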