[Snort-users] Re:logging [was: ideal setup]

Keith Young kyoung at ...6513...
Wed Aug 7 16:47:01 EDT 2002

[Someone wrote to me in a private e-mail, but I thought I'd also send a 
copy to the list since this seems to be a FAQ].

(Anonymous Person) wrote:
> Do you have syslog working to an external syslog server from snort? If 
> so what does the line in your snort.conf file look it. That is if you 
> don't mind helping out.

Actually, you should use syslog to handle this. I would recommend syslog-ng:

syslog-ng runs over TCP (which is usually easier to get through a 
firewall) instead of udp and can run through a ssh/stunnel encrypted 

In the syslog-ng config file, point to the syslog server in the DMZ or 
to an aliased redirect interface on the firewall.


--Keith Young
-kyoung at ...6513...

More information about the Snort-users mailing list