[Snort-users] Snort and multiple logging

egoitz at ...14994...
Wed Oct 6 07:38:10 EDT 2010


Hello all,

I would like to know if I can configure Snort to output logs to a remote
syslog and simultaneously to a MySQL database. The reason for doing it
this way is to use ACID (which reads from MySQL and works in real time)
and OSSEC active responses, which require logs to be in a log file...
Since I plan to have several Snort servers to share the load (each
Snort scanning each switch's traffic), I'm planning to log all Snort servers
to a remote syslog (whose file is going to be scanned constantly by OSSEC,
which will execute active responses) and simultaneously to MySQL so that
ACID is able to display the collected IDS data in real time.


Would this be possible, mates? To log simultaneously to a remote syslog and
to MySQL? Or is there any other advisable way of achieving this goal?

Thanks a lot.
Bye!




