[Snort-users] syslog viewer - One user's web based viewer

Bobby Brown bbrown at ...6536...
Tue Aug 6 06:51:02 EDT 2002


I placed the scripts I currently use to select and display syslog events
using a web browser at the link below. Feel free to use and experiment with
them yourselves. I would appreciate all improvements anyone adds to them
that I could use as well.

Thanks,

Bobby

Syslog events to web browser
http://www.netsecadmin.com/scriptlets/syslog/syslogreport.html






-----Original Message-----
From: spyguy [mailto:spyguy703 at ...741...]
Sent: Monday, August 05, 2002 4:53 PM
To: bbrown at ...6536...
Subject: Re: [Snort-users] syslog viewer


please do.

thx

On Monday 05 August 2002 02:49 pm, Bobby Brown wrote:
> I also send all snort sensors to a Kiwi standard syslog server. I wrote a
> little Perl script to parse the syslog file to display the current x number
> of alerts and change color depending on the priority flag setting.
>
> I can post the script and samples to
> http://www.netsecadmin.com/cgi-bin/getsnipsweb.pl in a couple of days if
> interested. Nothing spectacular but works.
>
> Bobby
>
>
>
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of darek
> Sent: Monday, August 05, 2002 3:28 PM
> To: spyguy
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] syslog viewer
>
>
> The way I have it set up is that I start snort with the -s flag set.
>
> In /etc/syslogd.conf you can specify:
> !snort
> *.*                                             @some.host.on.your.net
>
> All alerts will be sent to that host. We use the Kiwi Syslog Daemon for
> Windows. It displays syslog messages from many different hosts; router
> messages, root logins, ftp sessions, smtp monitors, and snort.
>
> spyguy wrote:
> >Hello all,
> >
> >I would like to have all of my snort sensors log to syslog and have syslog
> >sent to a single server. Unfortunately, I don't feel like reading through
> >a ton of syslog via ssh. I would rather view it on some sort of
> >script-generated html page.
> >
> >Anyone have any recommendations? Is anyone doing any syslog output, and if
> >yes, how do you view the logs?
> >
> >Thanks in advance.
> >
> >
> >-------------------------------------------------------
> >This sf.net email is sponsored by:ThinkGeek
> >Welcome to geek heaven.
> >http://thinkgeek.com/sf
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users at lists.sourceforge.net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list
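
An added example, not part of the thread and not Bobby Brown's Perl script: a Python version of the kind of viewer discussed above, which picks Snort alerts out of a central syslog file, shows the newest x of them, and colours each row by priority. The alert line layout, the colour mapping and all function names are assumptions made for this example.

```python
import html
import re

# Assumed Snort syslog alert layout (not taken from the thread):
# "<timestamp> <host> snort: [gid:sid:rev] <msg> [Classification: ...] [Priority: N]: {PROTO} src -> dst"
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssnort(?:\[\d+\])?:\s"
    r"(?P<body>.*?\[Priority:\s*(?P<prio>\d+)\].*)$"
)

# Hypothetical colour scheme; priority 1 is the most severe in Snort.
COLOURS = {1: "#ff9999", 2: "#ffe08a", 3: "#c8e6c9"}
DEFAULT_COLOUR = "#e0e0e0"


def parse_alert(line):
    """Return a dict for a Snort alert line, or None for any other syslog line."""
    m = ALERT_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return {"ts": m["ts"], "host": m["host"], "prio": int(m["prio"]), "body": m["body"]}


def render_rows(lines, count):
    """Render the newest `count` alerts as HTML table rows, newest first."""
    alerts = [a for a in map(parse_alert, lines) if a]
    alerts = alerts[-count:] if count > 0 else []
    rows = []
    for a in reversed(alerts):
        colour = COLOURS.get(a["prio"], DEFAULT_COLOUR)
        # Syslog forwarded over UDP is unauthenticated, so any host can put text
        # into the file: escape every field before it reaches the browser.
        cells = "".join(f"<td>{html.escape(str(a[k]))}</td>" for k in ("ts", "host", "prio", "body"))
        rows.append(f'<tr style="background:{colour}">{cells}</tr>')
    return rows


# Constructed sample input, not real sensor data.
SAMPLE = [
    "Aug  5 15:28:01 sensor1 snort: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.10 -> 192.0.2.20",
    "Aug  5 15:28:07 sensor1 sshd[311]: Accepted password for root from 192.0.2.5",
    "Aug  5 15:29:40 sensor2 snort: [1:1002:2] WEB-IIS cmd.exe access <b>spoofed</b> [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.30:1045 -> 192.0.2.20:80",
]

if __name__ == "__main__":
    print("<table>\n" + "\n".join(render_rows(SAMPLE, 10)) + "\n</table>")
```

Lines without a `[Priority: N]` tag, such as the sshd entry in the sample, are skipped rather than shown uncoloured.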