[Snort-users] Re:logging [was: ideal setup]

Keith Young kyoung at ...6513...
Wed Aug 7 16:47:01 EDT 2002


[Someone wrote to me in a private e-mail, but I thought I'd also send a 
copy to the list since this seems to be a FAQ].

(Anonymous Person) wrote:
> Do you have syslog working to an external syslog server from snort? If 
> so what does the line in your snort.conf file look like. That is if you 
> don't mind helping out.
> 

Actually, you should use syslog to handle this. I would recommend syslog-ng:
	http://www.balabit.hu/en/downloads/syslog-ng/

syslog-ng runs over TCP (which is usually easier to get through a 
firewall) instead of UDP and can run through an ssh/stunnel encrypted 
connection.

In the syslog-ng config file, point to the syslog server in the DMZ or 
to an aliased redirect interface on the firewall.

-- 
--Keith Young
-kyoung at ...6513...
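
[Added example, not part of the original message and not the Snort or syslog-ng projects' own configuration: one way to set up what the reply describes, with Snort alerting to the local syslog socket and syslog-ng forwarding those messages over TCP. The addresses, port 5140, the source/filter/destination names and the log file path are assumptions.]

```conf
# --- Sensor: snort.conf ---
# Send alerts to the local syslog daemon (facility auth, priority alert).
output alert_syslog: LOG_AUTH LOG_ALERT

# --- Sensor: syslog-ng.conf ---
# Pick up local syslog traffic, including what Snort writes to /dev/log.
source s_local { unix-stream("/dev/log"); internal(); };

# Forward only Snort's messages, not everything the sensor logs.
filter f_snort { program("snort"); };

# Central log host over TCP. 192.0.2.10 is a placeholder address.
# For an ssh/stunnel tunnel, point this at the tunnel's local listener
# instead, e.g. tcp("127.0.0.1" port(5140)), and let the tunnel carry it.
destination d_loghost { tcp("192.0.2.10" port(514)); };

log { source(s_local); filter(f_snort); destination(d_loghost); };

# --- Log server: syslog-ng.conf ---
# Listen on TCP/514, bound to the interface the sensors can reach.
source s_sensors { tcp(ip("192.0.2.10") port(514) max-connections(20)); };

# Hypothetical file path for the collected Snort alerts.
destination d_snort { file("/var/log/snort-remote.log"); };

log { source(s_sensors); destination(d_snort); };
```

If the firewall redirects an aliased interface to the log server, the sensor's destination address is that alias rather than the server's own address.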





