[Snort-users] Snort ---> syslog

Michael Steele michaels at ...155...
Fri Jun 21 07:43:07 EDT 2002


When you select Syslog you get 1 line of alert and that line is limited
to a number of characters. You will get a lot more information from the
console manager you are using.

You can use spade to do correlations, and there are others.

You can send the Syslog to a remote Syslog server and use Swatch to
email alerts; this is the way to do it. Or use Swatch on the local
Syslog, but of course this is *nix specific. Swatch won't run on Windows.

 Michael Steele | System Engineer / Support Technician
 mailto:michaels at ...155...
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of spy
Sent: Wednesday, May 22, 2002 8:05 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort ---> syslog

Anyone have any experience with snort logging to syslog?
I have a few questions before I 'try' it.

1) Are logs and alerts LACKING useful data that you would normally get
with regular snort logging?

2) Are you using any correlation tools like NetForensics or something?

3) Can you send syslog from multiple snort sensors to one syslog server
and run swatch? If yes, what do you like/not like about doing it this way?

Thanks in advance!
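As an added illustration of the setup discussed in this thread (several sensors forwarding their one-line Snort alerts to one syslog host, with a Swatch-style pass over the file), here is a small Python parser and correlator. It is example code written for this page, not from Snort, Swatch or either poster; the sensor names, addresses and log lines are constructed, and the last sample line is deliberately cut short to show how an alert truncated by the syslog line limit fails to parse and must be counted rather than silently dropped.

```python
import re
from collections import Counter, defaultdict

# One Snort alert per syslog line:
#   <syslog header> snort[pid]: [gid:sid:rev] msg [Classification: c] [Priority: p]: {PROTO} src:port -> dst:port
SNORT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<sensor>\S+) snort(?:\[\d+\])?: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)$"
)

# Constructed sample: two sensors feeding one syslog host; the final line was
# cut off by the syslog line limit, so it is not a complete alert.
SAMPLE = """\
Jun 21 07:43:07 sensor1 snort[1234]: [1:1917:6] SCAN UPnP service discover attempt [Classification: Detection of a Network Scan] [Priority: 3]: {UDP} 10.1.1.5:1900 -> 239.255.255.250:1900
Jun 21 07:43:09 sensor1 snort[1234]: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 198.51.100.7:1434 -> 10.1.1.20:1434
Jun 21 07:43:10 sensor2 snort[987]: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 198.51.100.7:1434 -> 10.2.2.20:1434
Jun 21 07:43:11 sensor2 snort[987]: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 198.51.100.7:1434 -> 10.2.2.21:1434
Jun 21 07:43:12 sensor2 snort[987]: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 198.51.100.7:1434 -> 10.2.2.22:1434
Jun 21 07:43:13 sensor1 snort[1234]: [1:1000001:1] LOCAL custom rule with a long message that hit the syslog length lim
"""

def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not a complete Snort alert."""
    m = SNORT_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["prio"] = int(fields["prio"])
    fields["src_ip"] = fields["src"].rsplit(":", 1)[0]  # ICMP alerts carry no port
    return fields

def correlate(text, threshold=3):
    """Swatch-style pass: sources tripping >= threshold alerts, sources seen by
    more than one sensor, and a count of lines that did not parse (e.g. truncated)."""
    alerts, unparsed = [], 0
    for line in text.splitlines():
        a = parse_alert(line)
        if a is None:
            unparsed += 1
        else:
            alerts.append(a)
    per_src = Counter(a["src_ip"] for a in alerts)
    sensors = defaultdict(set)
    for a in alerts:
        sensors[a["src_ip"]].add(a["sensor"])
    return {
        "parsed": len(alerts),
        "unparsed": unparsed,
        "noisy": {ip: n for ip, n in per_src.items() if n >= threshold},
        "multi_sensor": {ip: sorted(s) for ip, s in sensors.items() if len(s) > 1},
    }
```

Run `correlate(SAMPLE)` to get the summary; a non-zero `unparsed` count is the signal that the syslog path is losing alert detail and the full Snort logs should be consulted.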
