[Snort-users] Windows snort to syslog

Cintron, Jose J. jcintron at ...312...
Mon Oct 27 11:37:04 EDT 2008


I have a snort server running on Windows (192.168.1.100) and I have a
remote syslog server running again on a Windows server (192.168.1.3)
(using Kiwi Syslog).  My snort.conf file says...
 
output alert_syslog: host=192.168.1.3, log_auth log_alert
 
I've tried changing the address to address port (192.168.1.3:514).  I
tried to send to the TCP port (1468) of the syslog server instead of
the UDP port just to check.  I have a sniffer to see all traffic from
the snort box to the syslog server.
 
And I don't see a thing.  What am I doing wrong?  (I'm sure that it's me
and not the pig.)
 

+------------------------------------------
| José J. Cintrón - <jcintron at ...312...>
|
| MITRE Corporation
| 7515 Colshire Drive
| Mail Stop T330
| McLean, VA  22102-7508
|
| Phone: 703.983.3040
| Fax: 703.983.1397
+------------------------------------------