[Snort-users] TR: Sending alert in other port

Jose Maria Lopez jkerouac at ...12346...
Mon Oct 4 11:27:21 EDT 2004


El lun, 04 de 10 de 2004 a las 05:25, Raffael Maio escribió:
>  
> 
> Hi guys,
> 
>  
> 
> I wana know if there is a possibility to send the alert message to a
> different port under linux (like the output plugin in windows). 
> 
> (I don’t want to send the alert message under a different port not the
> syslog port (54) but my proper port like 5535.

Depending in your configuration it could be possible to use iptables
using the REDIRECT or DNAT feature to change the destination port from
54 to 5535. I don't know if this it's possible to do it in the same
machine you have the snort sensor, but surely you can try it.

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac at ...12346...
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"





More information about the Snort-users mailing list