AW: [Snort-users] Syslog,MySql, IDS Center /Eagle X
freddie.soerensen at ...5413...
Mon May 19 23:28:02 EDT 2003
Does the present version of IDSCenter work with Snort 2.0?
> -----Original Message-----
> From: Ueli Kistler [mailto:iuk at ...1171...]
> Sent: Monday, 19 May 2003 19:26
> To: McBurnett, Jim
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Syslog,MySql, IDS Center /Eagle X
> McBurnett, Jim wrote:
> .. <snip>
> > I tried to add Syslog to it and Bingo-- It crashes every time it sends
> > a message..
> > I tried to send to an external syslog.. no go. I tried an on Machine
> > Syslog.
> > No go.. System has 3 NICS, and I am using the 2nd NIC.
> Snort 2.0:
> add a syslog output plugin in the output plugin wizard.. then click on
> apply. Now go to "IDS rules" again, where the Snort configuration editor
> is (Snort.conf).. scroll down until you find "output syslog: .."
> now change it to something like this:
> * output alert_syslog: LOG_AUTH LOG_ALERT
> * output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
> * output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
> - Save
> - Click on "Apply"
> (note from chris reid:
> For Win32, the remote host/port information has been moved into the
> snort.conf file. See the "alert_syslog" option in snort.conf. The reason
> for this was to make the command line options more compatible with the *nix
> version of snort.)
> Ueli Kistler
> eclipse at ...9170...