AW: [Snort-users] Syslog,MySql, IDS Center /Eagle X

Freddie Soerensen freddie.soerensen at ...5413...
Mon May 19 23:28:02 EDT 2003


Ueli

Does the present version of IDSCenter work with Snort 2.0 ?

Freddie


> -----Original Message-----
> From: Ueli Kistler [mailto:iuk at ...1171...]
> Sent: Monday, 19 May 2003 19:26
> To: McBurnett, Jim
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Syslog,MySql, IDS Center /Eagle X
> 
> 
> Hello
> 
> McBurnett, Jim wrote:
> 
> .. <snip>
> >
> > I tried to add Syslog to it and Bingo-- It crashes every time it sends
> > a message..
> > I tried to send to an external syslog.. no go. I tried an on Machine
> > Syslog.
> > No go.. System has 3 NICS, and I am using the 2nd NIC.
> >
> 
> Snort 2.0:
> add a syslog output plugin in the output plugin wizard.. then click on
> apply. Now go to "IDS rules" again, where the Snort configuration editor
> is (Snort.conf).. scroll down until you find "output syslog: .."
> 
> now change it to something like this:
>      *   output alert_syslog: LOG_AUTH LOG_ALERT
>      *   output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
>      *   output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
> 
> - Save
> - Click on "Apply"
> 
> (note from Chris Reid:
> For Win32, the remote host/port information has been moved into the
> snort.conf file.  See the "alert_syslog" option in snort.conf.  The reason
> for this was to make the command line options more compatible with the *nix
> version of snort.)
> 
> Regards,
> 	Ueli Kistler
> 	eclipse at ...9170...
> 	www.engagesecurity.com
> 



