[Snort-users] Syslog,MySql, IDS Center /Eagle X

Ueli Kistler iuk at ...1171...
Mon May 19 10:27:04 EDT 2003


McBurnett, Jim wrote:

.. <snip>
> I tried to add Syslog to it and Bingo-- It crashes every time it sends a message..
> I tried to send to an external syslog.. no go. I tried an on Machine Syslog.
> No go.. System has 3 NICS, and I am using the 2nd NIC.

Snort 2.0:
Add a syslog output plugin in the output plugin wizard, then click on
"Apply". Now go to "IDS rules" again, where the Snort configuration editor
is (Snort.conf), and scroll down until you find "output syslog: ..".

Now change it to something like this:
     *   output alert_syslog: LOG_AUTH LOG_ALERT
     *   output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
     *   output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT

- Save
- Click on "Apply"

(Note from Chris Reid:
For Win32, the remote host/port information has been moved into the
snort.conf file.  See the "alert_syslog" option in snort.conf.  The reason
for this was to make the command line options more compatible with the *nix
version of snort.)

	Ueli Kistler
	eclipse at ...9170...
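
An added example, not part of the original post and not code from Snort or IDS Center: a small checker that flags the "output syslog:" form mentioned above and parses the three alert_syslog forms before Snort is restarted. The function names and the sample config are constructed for illustration, and the keyword sets are an assumption taken from the Snort manual's alert_syslog section, so check them against your version.

```python
import re

# Assumption: keyword sets as listed in the Snort manual for alert_syslog.
FACILITIES = {"LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER"} | {
    f"LOG_LOCAL{i}" for i in range(8)}
PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
              "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}
OPTIONS = {"LOG_CONS", "LOG_NDELAY", "LOG_PERROR", "LOG_PID"}
KNOWN = FACILITIES | PRIORITIES | OPTIONS

OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*(.*)$")
HOST_RE = re.compile(r"host=([^,\s:]+)(?::(\d+))?\s*,\s*(.*)$")

def check_line(line):
    """Classify one snort.conf line as ('skip'|'ok'|'error', detail)."""
    m = OUTPUT_RE.match(line.split("#", 1)[0])  # drop trailing comments
    if not m or "syslog" not in m.group(1):
        return ("skip", None)
    plugin, args = m.group(1), m.group(2).strip()
    if plugin != "alert_syslog":
        return ("error", f"plugin '{plugin}' should be 'alert_syslog'")
    host = port = None
    hm = HOST_RE.match(args)
    if hm:
        host, port, args = hm.group(1), hm.group(2), hm.group(3)
        if port is not None and not 1 <= int(port) <= 65535:
            return ("error", f"port {port} out of range")
    elif args.startswith("host="):
        return ("error", "host= must be followed by a comma, then keywords")
    words = args.split()
    unknown = [w for w in words if w.upper() not in KNOWN]
    if unknown:
        return ("error", "unknown keyword(s): " + " ".join(unknown))
    return ("ok", {"host": host, "port": int(port) if port else None,
                   "keywords": words})

def check_config(text):
    """Return (line number, status, detail) for every syslog output line."""
    results = [(n, *check_line(l)) for n, l in enumerate(text.splitlines(), 1)]
    return [r for r in results if r[1] != "skip"]

# Constructed sample snort.conf fragment.
SAMPLE_CONF = """\
# constructed sample
output syslog: LOG_AUTH LOG_ALERT
output alert_syslog: host=hostname:514, LOG_AUTH LOG_ALERT
output alert_syslog: host=hostname LOG_AUTH LOG_ALERT
"""

if __name__ == "__main__":
    for lineno, status, detail in check_config(SAMPLE_CONF):
        print(lineno, status, detail)
```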

