[Snort-users] Snort and multiple logging
egoitz at ...14994...
Wed Oct 6 13:48:50 EDT 2010
But I needed to generate file logs in order for OSSEC to be configured to
read them and do active responses... (OSSEC AFAIK doesn't read from
MySQL) and wanted to have a web GUI for real-time monitoring of the status of
intrusion activity and so on... Are those Barnyard2 files able to be read by
OSSEC? Or could I tell Barnyard2 to send the logs to one remote syslog server
(for OSSEC to be able to read them) and also... to a MySQL server for
BASE to read them and display moment statistics??
Thanks a lot for all your help.
> 1. I would strongly recommend using Barnyard2 for your output processing if
> you are not already. There are several how-to documents available on
> this up on http://www.snort.org/docs/setup-guides/; pick the paper that
> matches your OS or flavor of Linux. Each Snort instance can be set up to
> send its output to a remote syslog server and MySQL database via Barnyard
> 2. I would also strongly recommend using BASE instead of ACID. ACID is no
> longer being maintained.
> Happy Snorting!
> On Wed, Oct 6, 2010 at 6:38 AM, <egoitz at ...14994...> wrote:
>> Hello all,
>> I would like to know if I can configure snort to output logs to a remote
>> syslog and simultaneously to a MySQL database. The reason for doing this
>> this way is for using ACID (that reads from MySQL and works in real time)
>> and for OSSEC active responses, which require logs to be in a log file...
>> So like I plan to have several snort servers for sharing the load (each
>> snort scanning each switch traffic) I'm planning to log all snort
>> to a remote syslog (whose file is going to be scanned constantly by
>> and executing active responses) and simultaneously to MySQL in order for
>> ACID to be able to display IDS collected data in real time.
>> Could this be possible, mates?? To log simultaneously to remote syslog and
>> to MySQL??... Or is there any other advisable way of achieving this goal??
>> Thanks a lot.
> Nick Moore, SFCE, CISSP, CISA
> Sr. Systems Engineer
> Voice 708-336-9041
> Email nick.moore at ...1935...
> IM nickgmoore (Yahoo)
> nickgmoore38 (AIM)
> o" )~ Sourcefire - The Creators of Snort
> www.sourcefire.com www.snort.org
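
The setup discussed in this thread (each sensor feeding both a syslog file for OSSEC and a MySQL database for BASE through Barnyard2) could be configured as sketched below. This is an added example, not configuration posted by either participant; the sensor name, interface, file paths, host names and credentials are constructed placeholders.

```conf
# --- snort.conf (on each sensor) ----------------------------------------
# Snort writes only binary unified2 spool files; Barnyard2 reads them and
# fans the events out, so Snort itself never blocks on syslog or MySQL.
output unified2: filename snort.u2, limit 128

# --- barnyard2.conf (on each sensor) ------------------------------------
# hostname/interface identify this sensor in the database (constructed values).
config hostname:   sensor1
config interface:  eth0
# The waldo file records how far Barnyard2 has read, so a restart does not
# replay old events into syslog (and trigger OSSEC responses a second time).
config waldo_file: /var/log/snort/barnyard2.waldo
input unified2

# Output 1: one-line alerts to the local syslog daemon (the copy OSSEC reads).
output alert_syslog: LOG_AUTH LOG_ALERT

# Output 2: the same events to MySQL (the copy BASE reads).
# Placeholder credentials; keep this file readable only by the barnyard2 user
# and give the database account no more than it needs on the snort schema.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=db.example.internal

# --- /etc/syslog.conf, or rsyslog legacy syntax (on each sensor) --------
# Forward the facility.priority selected above to the central log host (UDP).
auth.alert    @loghost.example.internal

# --- starting Barnyard2 (paths are assumptions) -------------------------
# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 \
#           -w /var/log/snort/barnyard2.waldo
```

Plain UDP syslog is unauthenticated and unencrypted, so when OSSEC active responses are driven from the forwarded alerts, carry that traffic on a management network that only the sensors can reach.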