[Snort-users] Problems logging to syslog and mysql simultaneously

Michael Steele michaels at ...155...
Wed Jun 19 14:34:02 EDT 2002


Don,

We log to our local syslog by adding these into Snort.conf

output alert_syslog: LOG_AUTH LOG_ALERT
output alert_full

-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels at ...155...
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org



-----Original Message-----
From: Don [mailto:Don at ...5881...] 
Sent: Wednesday, June 19, 2002 2:02 PM
To: Michael Steele
Subject: RE: [Snort-users] Problems logging to syslog and mysql simultaneously

I have not been successful in having snort log to a local syslog server
at all. The only way I can get it to log to syslog is by command-line
option, which can of course go to local or remote, but it will not log
to local syslog without the command-line override.

Don


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Michael Steele
Sent: Wednesday, June 19, 2002 12:26 PM
To: dlpassport at ...6137...
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Problems logging to syslog and mysql simultaneously


Dallas,

You need to pick up a syslog server like Kiwi Syslog Server or a
freeware one:

Snip--Snip ->

For stability I would recommend 3com's free syslog server for Windowz

http://support.3com.com/software/utilities_for_windows_32_bit.htm  <-- for a bunch of goodies

ftp://ftp.3com.com/pub/utilbin/win32/3CSyslog.zip  <-- for the syslog server

It runs great on 2K & XP

This one may work:

http://www.cls.de/Default.asp

Works well but randomly inserts a fixed string in syslog output in
the freeware version.

<- Snip--Snip

-Michael
--
 Michael Steele | System Engineer / Support Technician
 mailto:michaels at ...155...
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org



-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of dlpassport at ...6137...
Sent: Wednesday, June 19, 2002 10:32 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Problems logging to syslog and mysql simultaneously

Hello list.  I am running Snort 1.8.7-mysql-win32 and am having the
following problem.

I would like to log to the local mysql database as well as a remote
syslog. From all that I can find, the only way to log to a remote
syslog is with a -s 1.1.1.1 option from the command line.  When I
specify this on the command line, snort ignores my output database
statement.

Is there any way to specify a remote syslog server within snort.conf?
What else could be causing this problem?  I'd prefer not to log to a
local syslogd then forward.

Thanks,
Dallas LaRose

<--snip from snort.conf-->
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort password=blah dbname=snort port=3306 host=localhost
<--snip-->


------------------------------------------------------------------------
----
                   Bringing you mounds of caffeinated joy
                   >>>     http://thinkgeek.com/sf    <<<

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



