[Snort-users] Snort alerts to multiple syslog servers
erek at ...950...
Mon Sep 29 07:37:07 EDT 2003
On Fri, 26 Sep 2003, Douglas McCrea wrote:
> I'm using Snort 2.02 on a Windows 2000 server. I would like to send
> alerts to multiple Syslog servers because we are sharing our data with
> our Information Security office as well as analyzing it ourselves. I've
> noticed that if I list more than one syslog server, the data is just
> repeated in the log twice for only one syslog server. Is there a way to
> send to multiple syslog servers using Windows 2000?
I'm not sure if you can do it on a Win32 box or not. Your best bet might
be to log to a local syslog server and have _that_ forward onto other
If you can't do that, use an intermediary *NIX box to do it.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users