[Snort-users] Snort and multiple logging

Nick Moore nmoore at ...1935...
Wed Oct 6 08:57:38 EDT 2010


Egoitz,

1. I would strongly recommend using Barnyard2 for your output processing if
you are not already. There are several how-to documents available on setting
this up on http://www.snort.org/docs/setup-guides/; pick the paper that best
matches your OS or flavor of Linux. Each Snort instance can be set up to
send its output to a remote syslog server and MySQL database via Barnyard
simultaneously.

2. I would also strongly recommend using BASE instead of ACID. ACID is no
longer being maintained.

Happy Snorting!

Nick


On Wed, Oct 6, 2010 at 6:38 AM, <egoitz at ...14994...> wrote:

> Hello all,
>
> I would like to know if I can configure snort to output logs to a remote
> syslog and simultaneously to a mysql database. The reason of doing this
> this way is for using ACID (that reads from mysql and works in realtime)
> and for ossec active responses which requires logs to be in a log file...
> So like I plan to have several snort servers for sharing the load (each
> snort scanning each switch traffic) I'm planning to log all snort servers
> to a remote syslog (whose file is going to be scanned constantly by ossec
> and executing active responses) and simultaneously to mysql in order for
> acid to be able to display ids collected data in realtime.
>
>
> Could this be possible mates?? to log simultaneously to remote syslog and
> to mysql??... or is there any other advisable way of achieving this goal??.
>
> Thanks a lot.
> Bye!



-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore at ...1935...
IM    nickgmoore (Yahoo)
       nickgmoore38 (AIM)

    ,,_
   o"  )~   Sourcefire - The Creators of Snort
    ''''

www.sourcefire.com         www.snort.org
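
The setup recommended in point 1, sketched as an added configuration example (not part of the original message or of the Snort setup guides). File paths, sensor names, the database account and the 192.0.2.x addresses are constructed placeholders, and `alert_syslog_full` is assumed to be available in the installed Barnyard2 build.

```conf
# --- snort.conf on each sensor (path assumed: /etc/snort/snort.conf) ---
# Snort writes only binary unified2 spool files; syslog and DB output
# are handled by Barnyard2, so a slow database never stalls detection.
output unified2: filename snort.u2, limit 128

# --- barnyard2.conf on each sensor (path assumed: /etc/snort/barnyard2.conf) ---
# This file holds the DB password: make it readable by the barnyard2
# user only (chmod 600).
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map

# Give every sensor its own hostname/interface pair so events from
# several sensors stay distinguishable in the shared database.
config hostname:  sensor1
config interface: eth1

# Bookmark of the last processed record, so a restart neither replays
# nor skips events.
config waldo_file: /var/log/snort/barnyard2.waldo

input unified2

# Output 1: remote syslog collector (the file OSSEC monitors).
# UDP syslog is unauthenticated and unencrypted; because active
# responses act on these lines, the collector should accept port 514
# only from the sensor addresses.
output alert_syslog_full: sensor_name sensor1-eth1, server 192.0.2.10, protocol udp, port 514, operation_mode default

# Output 2: MySQL database read by BASE. Use an account limited to
# the snort schema rather than root.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=192.0.2.20

# Start Barnyard2 in continuous mode against the spool directory:
#   barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort \
#             -f snort.u2 -w /var/log/snort/barnyard2.waldo
```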

