[Snort-users] Syslog on W2K
Don at ...5881...
Wed Jun 12 09:50:06 EDT 2002
I add the remote logging option to the command line, i.e. snort -s
xx.xx.xx.xx:514, although this overrules your snort.conf, so I don't think it
would also go to the mysql if you do that. I asked this question a little
while ago as well.
Here's what someone told me. I haven't tried it yet, but I assume you could
set a variable in the snort.conf being LOG_PID xx.xx.xx.xx (address of
remote syslog), then use the entry noted below. It's not really clear to me
how this could be done. I think these commands/lines are Unix-based, and may
be way off for the win32 port of snort.
Excerpt from message from "BShinn":
Here is an excerpt from syslog.conf, you could change the "/var/log/ids" to
Here is the line from snort.conf
output alert_syslog: LOG_LOCAL3 LOG_ALERT LOG_PID
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Steven Williams
Sent: Tuesday, June 11, 2002 8:57 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Syslog on W2K
I am using snort 1.8.6 on W2K.
I wish to log to the mysql database, but also log to a syslog server using
the commands below:
output alert_syslog: LOG_AUTH LOG_ALERT host=X.X.X.X
output database: alert, mysql, user=username dbname=database
sensor_name=sensor1 password=password host=X.X.X.X
When I run snort, I get a warning message stating "Unrecognized syslog
Has anyone successfully got snort to syslog to a remote syslog server? If
so, can you let me know how you did it?
Also, has anyone got anything like Swatch on a W32 machine to report from
Communications Support Engineer
Computershare Technology Services
PH +61 3 92355651
FAX +61 3 94732409