[Snort-users] logging to remote loghost <<< disregard >>>

John Kiehnle john at ...1477...
Thu Mar 8 04:30:01 EST 2001


Thanks anyway if you did respond but I got it dialed in. Now to start tweaking
my sensors. 

The astute reader would have wondered why I was trying to log alerts for use by
razorback from the "exposed sensor" anyway. Especially when I just stated that
I wanted "audible" alerts from the inside sensor only. The remote ACID console
produces ample display of malicious activity on the perimeter.

Gotta love the way caffeine sharpens one's focus... even at midnight.

John


On 07 Mar 2001 23:38:22 PST, John Kiehnle said:

> Ok let me set up the scenario here...
>  
>  I have a two sensor setup. One on the perimeter... the "exposed sensor", and
>  one inside to monitor for malicious packets that may have traversed my DMZ
>  obstacles.
>  
>  The external "exposed" sensor is streaming alerts to a remote mysql db / ACID
>  console inside the firewall.  That is all working fine... Thank you Jed Pickel.
>  
>  I really like the razorback audible alerts for inside the firewall so I also
>  use the syslog daemon to generate logs for it. I configured snort.conf to
>  stream the logfiles off the "exposed sensor" to a remote loghost via
>  configuration of the syslog daemon as follows;
>  
>  On the loghost, I invoke syslogd with the -r to listen on port 514 for
>  incoming log information from remote hosts.
>  
>  On the "exposed sensor" I have configured /etc/syslog.conf to stream all 
>  
>  *.warn;*.err @loghost
>  
>  Ok... that said, the "exposed sensor" is capturing packets and appears to be
>  streaming the logs to the remote loghost, but the loghost is not getting the
>  logs from the sensor like it should.
>  
>  My question is... What is available on the loghost side of things to
>  troubleshoot the syslog daemon? I'd like to see if the logs are making it there
>  to begin with.
>  
>  BTW... I know this is a bit off topic. Thanks in advance.
>  
>  John
>  

-- 
John Kiehnle

--- CHAOS -Where Great Dreams Begin ---

Before a great vision can become reality there may be difficulty. Before a person
begins a great endeavor, they may encounter chaos.

As a new plant breaks the ground with great difficulty, foreshadowing the huge
tree, so must we sometimes push against difficulty in bringing forth our
dreams.

"Out of Chaos, Brilliant Stars are Born."

I-Ching Hexagram #3
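
One way to answer the question in the quoted message (are the sensor's datagrams reaching the loghost at all?), as an added example that is not part of the original thread: a small UDP listener to run on the loghost while syslogd is stopped, which decodes the facility and severity of each datagram that arrives. The function names, defaults and any sample messages are constructed for illustration.

```python
import re
import socket

# BSD syslog facility and severity names, indexed by their numeric codes.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"]
              + [f"reserved{n}" for n in range(12, 16)]
              + [f"local{n}" for n in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility, severity, text) for a syslog datagram, or None if no valid <PRI>."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    text = datagram[m.end():].decode("latin-1").rstrip()
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text

def at_least(severity, threshold):
    """True if severity is as severe as threshold or worse (lower code = more severe),
    which is how a single selector such as *.warn picks messages."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(threshold)

def listen(port=514, host="0.0.0.0", count=5, timeout=30.0):
    """Collect up to `count` datagrams and report sender and decoded priority.
    Binding port 514 needs root and fails if syslogd still holds the port."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))
        s.settimeout(timeout)
        try:
            while len(results) < count:
                data, (src, _) = s.recvfrom(4096)
                results.append((src, decode_pri(data)))
                print(src, results[-1][1])
        except socket.timeout:
            print("no (more) datagrams within", timeout, "seconds")
    return results

if __name__ == "__main__":
    listen()
```

If nothing arrives before the timeout, the problem is upstream of syslogd (sensor configuration, name resolution of the loghost, or a filter in between); if datagrams do arrive, the decoded facility and severity show which rule in the loghost's own syslog.conf has to match them.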