[Snort-users] Snort alerts to multiple syslog servers

Erek Adams erek at ...950...
Mon Sep 29 07:37:07 EDT 2003


On Fri, 26 Sep 2003, Douglas McCrea wrote:

> I'm using Snort 2.02 on a Windows 2000 server. I would like to send
> alerts to multiple Syslog servers because we are sharing our data with
> our Information Security office as well as analyzing it ourselves. I've
> noticed that if I list more than one syslog server, the data is just
> repeated in the log twice for only one syslog server. Is there a way to
> send to multiple syslog servers using Windows 2000?

I'm not sure if you can do it on a Win32 box or not.  Your best bet might
be to log to a local syslog server and have _that_ forward onto other
hosts.

If you can't do that, use an intermediary *NIX box to do it.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list