[Snort-users] How to best do DB *and* syslog logging?

beenph beenph at ...11827...
Thu Dec 1 18:20:55 EST 2011


On Thu, Dec 1, 2011 at 2:32 AM, Miguel Alvarez <miguellvrz9 at ...11827...> wrote:
> On Wed, Nov 30, 2011 at 8:03 PM, beenph <beenph at ...11827...> wrote:
>> On Wed, Nov 30, 2011 at 11:45 AM, Miguel Alvarez <miguellvrz9 at ...14542....> wrote:
>>> Right now, I'm logging my snort alerts back to a syslog server but I'd
>>> like to start playing with Snorby.  Please correct me if I'm wrong but
>>> I think the ideal way to do this would be to log via unified2 and use
>>> barnyard to send the alert data to snorby's DB but I can't lose my
>>> syslog functionality.  I really wish barnyard was able to do this on
>>> non-Windows boxes!  But what would be the best way to achieve this
>>> short of running two separate snort instances?
>>>
>> If you need local syslog and to forward it, barnyard2 currently supports
>> this on Windows and non-Windows systems.
>>
>> If you need remote syslog logging
>>
>> You can access the feature in its current branch via
>>
>> https://github.com/binf/barnyard2/tree/RemoteSyslogFix
>
> I didn't realize this.  Actually, I just checked that repository out
> and see this on lines 180-181 of
> https://github.com/binf/barnyard2/blob/RemoteSyslogFix/etc/barnyard2.conf:
>

It's probably a typo; it should work no fuss with *nix.


-elz
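For readers landing on this thread later, the setup the posters are describing (Snort writes unified2, a single barnyard2 instance fans the events out to both the Snorby database and syslog) looks like the following. This is an added illustration and not configuration from the original thread or from the Snort/barnyard2 projects; the paths, hostnames, database credentials and the collector address 192.0.2.10 are assumptions chosen for the example, and the `host=` form of alert_syslog is the remote-logging syntax that the RemoteSyslogFix branch linked above is about, so on a stock barnyard2 of that era the local form plus syslog-daemon forwarding is the safe choice.

```conf
# ---- snort.conf (sensor side) ----
# Snort itself only writes binary unified2 spool files; no DB or syslog
# plugin is needed in snort.conf, so the sensor is not blocked on a slow
# database or an unreachable syslog collector.
output unified2: filename merged.log, limit 128

# ---- barnyard2.conf (same host, reads the spool) ----
# Maps needed to turn gid:sid pairs into rule messages and classifications.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map

# Sensor identity as it will appear in Snorby (hostname/interface are
# assumed values for this example).
config hostname:  sensor1
config interface: eth0

# Consume the unified2 spool written by Snort above.
input unified2

# Output 1: the Snorby database. Snorby reads the standard Snort schema,
# which barnyard2's database plugin writes. Credentials are placeholders.
output database: log, mysql, user=snort password=CHANGEME dbname=snorby host=localhost

# Output 2a: local syslog (works on every platform). Alerts go to the
# LOG_AUTH facility at LOG_ALERT priority; forward them with the host's
# syslog daemon, e.g. an rsyslog rule such as
#   auth.=alert @@192.0.2.10:514
output alert_syslog: LOG_AUTH LOG_ALERT

# Output 2b: direct remote syslog. Only use this form with a barnyard2
# that carries the remote syslog fix discussed in this thread; it is the
# syntax that the RemoteSyslogFix branch's barnyard2.conf documents.
# output alert_syslog: host=192.0.2.10:514, LOG_AUTH LOG_ALERT

# ---- starting barnyard2 (one process serves both outputs) ----
# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f merged.log \
#           -w /var/log/snort/barnyard2.waldo -D
```

Two outputs in one barnyard2.conf is the whole trick: there is no need for a second Snort instance, because barnyard2 replays each unified2 record to every configured output plugin. The waldo file (`-w`) records how far into the spool barnyard2 has read, so a restart of barnyard2 or the database does not drop or duplicate alerts; keep an eye on spool growth in `/var/log/snort` if the database falls behind, since Snort keeps writing regardless.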




More information about the Snort-users mailing list