[Snort-users] How to best do DB *and* syslog logging?
beenph at ...11827...
Thu Dec 1 18:20:55 EST 2011
On Thu, Dec 1, 2011 at 2:32 AM, Miguel Alvarez <miguellvrz9 at ...11827...> wrote:
> On Wed, Nov 30, 2011 at 8:03 PM, beenph <beenph at ...11827...> wrote:
>> On Wed, Nov 30, 2011 at 11:45 AM, Miguel Alvarez <miguellvrz9 at ...14542....> wrote:
>>> Right now, I'm logging my snort alerts back to a syslog server but I'd
>>> like to start playing with Snorby. Please correct me if I'm wrong but
>>> I think the ideal way to do this would be to log via unified2 and use
>>> barnyard to send the alert data to snorby's DB but I can't lose my
>>> syslog functionality. I really wish barnyard was able to do this on
>>> non-Windows boxes! But what would be the best way to achieve this
>>> short of running two separate snort instances?
>> If you need local syslog and forward them, barnyard2 currently supports
>> this on Windows and non-Windows systems.
>> If you need remote syslog logging
>> You can access the feature in its current branch via
> I didn't realize this. Actually, I just checked that repository out
> and see this on lines 180-181 of
It's probably a typo; it should work no hush with *nix.