[Snort-users] syslog issue on windows 2000 and snmp

Turnquist,Wayne WayneTurnquist at ...12076...
Wed Jul 7 09:39:02 EDT 2004


I installed the newest version of snort.

When I start Snort, I get the alerts showing up in the event log, but I want them to go to a different machine which has syslog up and running.

# [Win32 can use any of these formats...]
#  output alert_syslog: LOG_AUTH LOG_ALERT
   output alert_syslog: host=10.110.99.4, LOG_AUTH LOG_ALERT
#  output alert_syslog: host=10.110.99.2, LOG_AUTH LOG_ALERT
# output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT


Also, can I send messages to multiple syslog machines?


--------------------------------------------------
I installed Snort on our router link to corp so I can double check any security problems from corp. One issue is there is a PC at corp which is running SolarWinds to monitor some devices on our network. Thus, Snort shows tons of alerts because of this. How/where do I add a filter to indicate to not worry about SNMP for this IP address, which is on the external network?


thanks
wt




