[Snort-users] Syslog on W2K

Steven Williams Steven.Williams at ...4864...
Wed Jun 12 16:12:03 EDT 2002


Hi Michael,
 
So do I need to set up a syslog server on the sensor itself, and then either
use that for logging, or forward syslogs to my main syslog server?
 
I don't know of any good freeware ones as I use Kiwi myself.
 
Thanks
 
Steve
 
-----Original Message-----
From: Michael Steele [mailto:michaels at ...155...] 
Sent: Thursday, June 13, 2002 9:11 AM
To: 'Steven Williams'
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Syslog on W2K
 
Steve,
 
That won't work. You are going to have to use a 3rd party Syslog Server like
Kiwi Syslog Daemon which will do everything you need, including emailing
alerts, but not freeware.
 
If you find anything else on the freeware side, could you let me know? I
have a list of people looking for a freeware utility for emailing alerts on
Windows.
 
http://www.kiwisyslog.com/
-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels at ...155...
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Steven
Williams
Sent: Tuesday, June 11, 2002 8:57 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Syslog on W2K
 
Hi,
 
I am using snort 1.8.6 on W2K.
 
I wish to log to the mysql database, but also log to a syslog server using
the commands below:
 
output alert_syslog: LOG_AUTH LOG_ALERT host=X.X.X.X
output database: alert, mysql, user=username dbname=database sensor_name=sensor1 password=password host=X.X.X.X
 
When I run snort, I get a warning message stating "Unrecognized syslog
facility/priority: host=X.X.X.X"
 
Has anyone successfully got snort to syslog to a remote syslog server? If
so, can you let me know how you did it?
 
Also, has anyone got anything like Swatch on a W32 machine to report from
Syslog Files?
 
Thanks
 
Steve
 
 
Steve Williams
Communications Support Engineer
Computershare Technology Services
 
PH +61 3 92355651
FAX +61 3 94732409
www.computershare.com
 


---
This email and any files transmitted with it are solely intended for the use of the
addressee(s) and may contain information that is confidential and privileged. If you
receive this email in error, please advise us by return email immediately. Please also
disregard the contents of the email, delete it and destroy any copies immediately.
Computershare Limited and its subsidiaries do not accept liability for the views
expressed in the email or for the consequences of any computer viruses that may be
transmitted with this email

This email is also subject to copyright. No part of it should be reproduced, adapted or
transmitted without the written consent of the copyright owner.

