AW: AW: [Snort-users] Syslog,MySql, IDS Center /Eagle X

Freddie Soerensen freddie.soerensen at ...5413...
Tue May 20 10:38:44 EDT 2003


Patrick

I didn't mean SnortCenter, but IDSCenter

Freddie

-----Ursprüngliche Nachricht-----
Von: Patrick S. Harper [mailto:lists at ...4250...] 
Gesendet: Dienstag, 20. Mai 2003 15:16
An: Freddie Soerensen
Betreff: Re: AW: [Snort-users] Syslog,MySql, IDS Center /Eagle X


http://users.pandora.be/larc/

Have you looked on the website?


On Mon, 2003-05-19 at 23:27, Freddie Soerensen wrote:
> Ueli
> 
> Does the present version of IDSCenter work with Snort 2.0 ?
> 
> Freddie
> 
> 
> > -----Ursprüngliche Nachricht-----
> > Von: Ueli Kistler [mailto:iuk at ...1171...]
> > Gesendet: Montag, 19. Mai 2003 19:26
> > An: McBurnett, Jim
> > Cc: snort-users at lists.sourceforge.net
> > Betreff: Re: [Snort-users] Syslog,MySql, IDS Center /Eagle X
> > 
> > 
> > Hello
> > 
> > McBurnett, Jim wrote:
> > 
> > .. <snip>
> > >
> > > I tried to add Syslog to it and Bingo-- It crashes every
> > time it sends
> > > a message..
> > > I tried to send to an external syslog.. no go. I tried an
> > on Machine
> > > Syslog.
> > > No go.. System has 3 NICS, and I am using the 2nd NIC.
> > >
> > 
> > Snort 2.0:
> > add an syslog output plugin in the output plugin wizard..
> > then click on 
> > apply. Now go to "IDS rules" again, where the Snort 
> > configuration editor 
> > is (Snort.conf).. scroll down until you find "output syslog: .."
> > 
> > now change it to something like this:
> >      *   output alert_syslog: LOG_AUTH LOG_ALERT
> >      *   output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
> >      *   output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
> > 
> > - Save
> > - Click on "Apply"
> > 
> > (note from chris reid:
> > For Win32, the remote host/port information has been moved into the 
> > snort.conf file.  See the "alert_syslog" option in snort.conf.  The 
> > reason for this was to make the command line options more compatible
> > with the *nix
> > version of snort.)
> > 
> > Regards,
> > 	Ueli Kistler
> > 	eclipse at ...9170...
> > 	www.engagesecurity.com
> > 
> > --
> > 
> > 
> > 
> > 
> > 
> > 
> > -------------------------------------------------------
> > This SF.net email is sponsored by: If flattening out C++ or Java 
> > code to make your application fit in a relational database is 
> > painful, don't do it! Check out ObjectStore. Now part of Progress 
> > Software. http://www.objectstore.net/sourceforge
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: ObjectStore.
> If flattening out C++ or Java code to make your application fit in a
> relational database is painful, don't do it! Check out ObjectStore.
> Now part of Progress Software. http://www.objectstore.net/sourceforge
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list