[Snort-users] Snort and multiple logging

Mike Kun mkun at ...6382...
Wed Oct 6 08:52:14 EDT 2010


On 10/06/2010 07:38 AM, egoitz at ...14994... wrote:
> Hello all,
>
> I would like to know if I can configure snort to output logs to a remote
> syslog and simultaneously to a mysql database. The reason for doing it
> this way is to use ACID (which reads from mysql and works in realtime)
> and for ossec active responses, which require logs to be in a log file...
> Since I plan to have several snort servers sharing the load (each
> snort scanning each switch's traffic), I'm planning to log all snort servers
> to a remote syslog (whose file is going to be scanned constantly by ossec,
> which executes active responses) and simultaneously to mysql so that
> acid is able to display ids collected data in realtime.
>
>
> Could this be possible, mates? To log simultaneously to remote syslog and
> to mysql? Or is there any other advisable way of achieving this goal?
>
> Thanks a lot.
> Bye!
>
I believe that Barnyard2 will allow you to send Snort output to multiple
destinations, and I know that both mysql and syslog are supported. It should
just be a matter of configuring Snort to write to unified2 and setting up the
barnyard2.conf file to output to both mysql and syslog.
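
A configuration sketch of the setup described in the reply above, added here as an example and not taken from the original post. All paths, host names, the database password and the collector address are placeholders, and having the sensor's local syslog daemon do the forwarding to the remote collector is a choice made for this example.

```conf
# ---- /etc/snort/snort.conf (on each sensor) ----
# Snort only writes binary unified2 files; Barnyard2 handles database and syslog output.
output unified2: filename snort.u2, limit 128

# ---- /etc/snort/barnyard2.conf (on each sensor) ----
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map
config hostname:   sensor1      # placeholder; give each sensor a distinct name
config interface:  eth0         # placeholder
# Bookmark file so already-processed events are not replayed after a restart.
config waldo_file: /var/log/snort/barnyard2.waldo

input unified2

# Output 1: MySQL, the database ACID reads from (placeholder credentials and host).
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=db.example.internal

# Output 2: local syslog, facility auth, priority alert.
output alert_syslog: LOG_AUTH LOG_ALERT

# Start Barnyard2 against Snort's spool directory:
#   barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 \
#             -w /var/log/snort/barnyard2.waldo

# ---- /etc/syslog.conf or /etc/rsyslog.conf (on each sensor) ----
# Forward alert-priority auth messages to the central collector whose log
# file OSSEC monitors. 192.0.2.10 is a documentation address; "@" means UDP.
auth.alert    @192.0.2.10
```

Because OSSEC active responses act on whatever arrives in that log file, and UDP syslog is neither authenticated nor encrypted, restrict the collector's syslog port to the sensor addresses. The `auth.alert` selector also forwards any other alert-priority messages logged to the auth facility on the sensor.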




