[Snort-users] Snort Syslog Alerts on Win32

L. Christopher Luther CLuther at ...6333...
Sat Jan 4 14:09:45 EST 2003

Unfortunately, using the command line parameter for syslog is not an option,
exactly because I don't want to clobber the other output plug-ins in the
snort.conf file.  And it probably will not work anyway under Win32 (see the
post/rant I just sent to the list).  It appears that  "syslog" under Win32
really means "Event Log", which just will not do.  

Presuming that Snort under Win32 will some day really support syslog output,
hopefully then there will also be a "host=" and "port=" option for the
alert_syslog plug-in.  


-----Original Message-----
From: Don Weber [mailto:Don at ...5881...]
Sent: Saturday, January 04, 2003 12:08 AM
To: L. Christopher Luther; bmcdowell at ...7861...
Cc: Snort-Users (E-mail)
Subject: RE: [Snort-users] Snort Syslog Alerts on Win32
Sensitivity: Confidential

you can, just do it on the command line, which also trumps anything in your
config file tho, just do this, along with the rest of your options for
snort.conf and log dir and such, for some reason i always need to add the
port on it as well, all of my sensors go to a remote syslog server or two.
just use your regular snort command line and add -s ip.add.re.ss:port at the

snort -s host.ip.add.ress:514

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of L. Christopher
Sent: Friday, January 03, 2003 3:29 PM
To: 'bmcdowell at ...7861...'
Cc: Snort-Users (E-mail)[Don Weber] 
Subject: RE: [Snort-users] Snort Syslog Alerts on Win32
Sensitivity: Confidential

Unfortunately, there is no syslog daemon on the WinNT4 Snort box -- only on
the other server.  :{  I was hoping that like Cisco and other network
devices I could direct the syslog messages from Snort to another server.  


-----Original Message----- 
From: Bob McDowell [mailto:bmcdowell at ...7861...] 
Sent: Friday, January 03, 2003 6:27 PM 
To: 'L. Christopher Luther' 
Subject: RE: [Snort-users] Snort Syslog Alerts on Win32 
Sensitivity: Confidential 

I think you'd need to do this in your syslog daemon.  You can make it easy
on yourself by making snort log to 'Local1' if you'd like.

-----Original Message----- 
From: L. Christopher Luther [mailto:cluther at ...6331...] 
Sent: Friday, January 03, 2003 5:02 PM 
To: Snort-Users (E-mail) 
Subject: [Snort-users] Snort Syslog Alerts on Win32 
Sensitivity: Confidential 

I would like to configure Snort (version 1.8.6 running on a WinNT4 
box) to send Snort alerts to a syslog server on another WinNT4 box. 
The "output alert_syslog" is pretty straightforward, except I am not 
sure of how to direct this output to another host???  The docs I have 
do not specify any "host=" option.  

L. Christopher Luther  
Technical Consultant  
Xybernaut Solutions, Inc.  
(703) 654-3642  
cluther at ...6331...  
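
The thread suggests logging Snort alerts to 'Local1' and sorting them out on the remote syslog server (UDP port 514 in the command line quoted above). The following is an added example, not code from any poster or from Snort: it shows how a collector can recognise Local1 traffic from the `<PRI>` header of a BSD-style syslog datagram. The function names and the sample alert text are constructed for illustration.

```python
import re
import socket

FACILITY_LOCAL1 = 17   # syslog facility code for local1
SEVERITY_ALERT = 1     # syslog severity code for "alert"
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def build_message(facility, severity, tag, text):
    """Build a BSD-syslog style datagram: <PRI>tag: text."""
    pri = facility * 8 + severity
    return f"<{pri}>{tag}: {text}".encode("ascii", "replace")

def parse_pri(datagram):
    """Return (facility, severity), or None if the PRI header is absent or out of range."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:          # highest valid PRI: facility 23, severity 7
        return None
    return divmod(pri, 8)

def is_local1(datagram):
    """Collector-side test: was this datagram sent with facility local1?"""
    parsed = parse_pri(datagram)
    return parsed is not None and parsed[0] == FACILITY_LOCAL1

def loopback_demo():
    """Send one constructed alert over UDP on loopback and return what arrives."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))   # ephemeral port; a real collector listens on 514
    rx.settimeout(2)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Constructed sample alert text, not output captured from Snort.
        msg = build_message(FACILITY_LOCAL1, SEVERITY_ALERT, "snort",
                            "[1:1000001:1] constructed sample alert")
        tx.sendto(msg, rx.getsockname())
        data, _ = rx.recvfrom(2048)
    finally:
        tx.close()
        rx.close()
    return data

if __name__ == "__main__":
    received = loopback_demo()
    print(received, parse_pri(received), is_local1(received))
```
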
