[Snort-users] Syslog on W2K

Don Don at ...5881...
Wed Jun 12 09:50:06 EDT 2002


I add the remote logging option to the command line, ie.. snort -s
xx.xx.xx.xx:514, altho this over-rules your snort.conf, so i dont think it
would also go to the mysql if you do that, I asked this question a little
while ago as well,
here's what someone told me, i havent tried it yet, but i assume you could
set a variable in the snort.conf being LOG_PID xx.xx.xx.xx (address of
remote syslog), then use the entry noted below, its not really clear to me
how this could be done, I think these commands/lines are unix based, and may
be way off for win32 port of snort.

Don

''excerpt from message from "BShinn"
Here is an excerpt from syslog.conf, you could change the "/var/log/ids" to

"@ip.of.remote.host"

---------------

local3.*

/var/log/snortlog

*.info;local2.none;mail.none;authpriv.none;cron.none

/var/log/messages

..

Here is the line from snort.conf

output alert_syslog: LOG_LOCAL3 LOG_ALERT LOG_PID

  -----Original Message-----
  From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Steven Williams
  Sent: Tuesday, June 11, 2002 8:57 PM
  To: 'snort-users at lists.sourceforge.net'
  Subject: [Snort-users] Syslog on W2K


  Hi,



  I am using snort 1.8.6 on W2K.



  I wish to log to the mysql database, but also log to a syslog server using
the commands below;



  output alert_syslog: LOG_AUTH LOG_ALERT host=X.X.X.X

  output database: alert, mysql, user=username dbname=database
sensor_name=sensor1 password=password host=X.X.X.X



  When I run snort, I get a warning message stating "Unrecognized syslog
facility/priority: host=X.X.X.X"



  Has anyone successfully got snort to syslog to a remote syslog server? If
so, can you let me know how you did it?



  Also, has anyone got anything like Swatch on a W32 machine to report from
Syslog Files?



  Thanks



  Steve





  Steve Williams

  Communications Support Engineer

  Computershare Technology Services



  PH +61 3 92355651

  FAX +61 3 94732409

  www.computershare.com





  ---
  This email and any files transmitted with it are solely intended for the
use of the
  addressee(s) and may contain information that is confidential and
privileged. If you
  receive this email in error, please advise us by return email immediately.
Please also
  disregard the contents of the email, delete it and destroy any copies
immediately.
  Computershare Limited and its subsidiaries do not accept liability for the
views
  expressed in the email or for the consequences of any computer viruses
that may be
  transmitted with this email

  This email is also subject to copyright. No part of it should be
reproduced, adapted or
  transmitted without the written consent of the copyright owner.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020612/eca6aa29/attachment.html>


More information about the Snort-users mailing list