[Snort-users] Re:logging [was: ideal setup]
kyoung at ...6513...
Wed Aug 7 16:47:01 EDT 2002
[Someone wrote to me in a private e-mail, but I thought I'd also send a
copy to the list since this seems to be a FAQ].
(Anonymous Person) wrote:
> Do you have syslog working to an external syslog server from snort? If
> so what does the line in your snort.conf file look it. That is if you
> don't mind helping out.
Actually, you should use syslog to handle this. I would recommend syslog-ng:
syslog-ng runs over TCP (which is usually easier to get through a
firewall) instead of udp and can run through a ssh/stunnel encrypted
In the syslog-ng config file, point to the syslog server in the DMZ or
to an aliased redirect interface on the firewall.
-kyoung at ...6513...
More information about the Snort-users