[Snort-users] Remote syslog server using snort.conf

Michael Boman michael.boman at ...4162...
Sat Aug 24 20:45:07 EDT 2002


On Sunday 25 August 2002 11:14, Sandy Taylor wrote:
> I have read through the manual and FAQ. I found how to log to a remote
> syslog server at the command line and how to log to a syslog server on the
> local machine.
>
> But what I want to do is both log to a MySQL database and a remote syslog
> server. Thusly, I have to use the snort.conf to log to both right? So, the
> 10k dollar question is how do I configure snort.conf to log to a remote
> syslog server? Can I specify a port (other than the default)?
>
> Any suggestions would be appreciated.
>
> Thank you.

You didn't specify what OS you are using, but I'll assume that you are on some 
kind of UNIX machine (Linux/BSD/Solaris etc).

The answer in that case is: you don't configure the remote syslog server at 
all in snort.conf.

It is syslog.conf (/etc/syslog.conf) that you should edit, and the 
syslog.conf(5) man page tells you how to do it ;)

(didn't want to spell it straight out, but it has something to do with the '@' 
sign.)

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com

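The setup the reply points to, as an added example that is not part of the original message: snort.conf sends events both to MySQL and to the local syslog daemon, and syslog.conf forwards the matching messages with the '@' action. The hostname, the database credentials and the choice of the auth facility with alert priority are assumptions made for illustration.

```conf
# ---- snort.conf (on the sensor) ----
# Log to MySQL through the database output plugin.
# User, password and database name are placeholders.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost

# Also hand alerts to the local syslog daemon. The facility and priority
# given here are what the syslog.conf selector below matches on.
output alert_syslog: LOG_AUTH LOG_ALERT

# ---- /etc/syslog.conf (on the same sensor) ----
# Format: selector <TAB> action.
# An action of "@host" forwards matching messages to the syslogd on that host.
# loghost.example.com is a placeholder for the remote log server.
auth.alert	@loghost.example.com
```

After editing syslog.conf, send syslogd a SIGHUP so it rereads the file; the receiving syslogd must also be set up to accept messages from the network.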