[Snort-users] Remote syslog server using snort.conf
michael.boman at ...4162...
Sat Aug 24 20:45:07 EDT 2002
On Sunday 25 August 2002 11:14, Sandy Taylor wrote:
> I have read through the manual and FAQ. I found how to log to a remote
> syslog server at the command line and how to log to a syslog server on the
> local machine.
> But what I want to do is both log to a MySQL database and a remote syslog
> server. Thusly, I have to use the snort.conf to log to both right? So, the
> 10k dollar question is how do I configure snort.conf to log to a remote
> syslog server? Can I specify a port (other than the default)?
> Any suggestions would be appreciated.
> Thank you.
You didn't specify what OS you are using, but I'll assume that you are on some
kind of UNIX machine (Linux/BSD/Solaris etc).
The answer in that case is: you don't configure the remote syslog server at
all in snort.conf.
It is syslog.conf (/etc/syslog.conf) that you should edit, and the
syslog.conf(5) man page tells you how to do it ;)
(didn't want to spell it straight out, but it has something to do with the '@'
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
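
An added illustration, not part of the original message: the two-file setup the reply points to, assuming Snort's `alert_syslog` and `database` output plugins and a classic UNIX syslogd. The host name `loghost.example.com` and the database user, password and name are placeholders.

```conf
# --- snort.conf (on the sensor) ---
# Both output plugins can be active at the same time. Alerts are handed to
# the LOCAL syslogd with facility "auth" and priority "alert", and events
# are also written to MySQL.
# Do not start snort with command-line logging/alert switches (e.g. -s, -A):
# command-line output options override the output lines in snort.conf.
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=SNORT_USER password=CHANGE_ME dbname=snort host=localhost

# --- /etc/syslog.conf (on the sensor) ---
# The local syslogd does the forwarding: an action that starts with '@'
# sends matching messages to that host. The selector must match the
# facility.priority chosen in snort.conf above. Classic syslogd expects
# a TAB between selector and action.
# The '@host' action sends to the standard syslog UDP port (514).
auth.alert	@loghost.example.com

# After editing, make syslogd re-read its configuration (SIGHUP).
# The receiving syslogd must be set to accept remote messages
# (for Linux sysklogd that is the -r switch).
```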