[Snort-users] Best practice for logging alerts to syslog

Tony Robinson deusexmachina667 at ...11827...
Sat Dec 15 22:11:41 EST 2012


Wanted to ask a question regarding what is best practice for Snort to log
alerts to syslog -- is it the better practice to have Snort itself, via
snort.conf, handle this, or should barnyard2 be installed, Snort configured
to log to unified2, and barnyard2 handle logging to syslog? I'm asking
because the next thing I'd like to do for autosnort is offer a
configuration option to log to syslog (for SIEM integration to something
like Splunk, Graylog2, etc.) if the user wasn't interested in a web
front-end, and I wanted to know what the accepted/best practice was here.

Thanks in advance,
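The two configurations the question contrasts, side by side, as an added example that is not part of the original post or of the autosnort project. The first fragment is a snort.conf that writes alerts straight to syslog with Snort's own alert_syslog plugin; the second pair is a snort.conf that writes unified2 plus a barnyard2.conf that reads those files and forwards to syslog. The host address 192.0.2.10, the log directory /var/log/snort, the sensor name and the map-file paths are assumed placeholders, not values from the post.

```conf
# ---------- Option A: Snort logs to syslog directly (snort.conf) ----------
# alert_syslog calls syslog(3) on the sensor; the message lands in the
# local syslog daemon, which is then responsible for forwarding it to
# the SIEM. Facility and priority are standard syslog values.
output alert_syslog: LOG_AUTH LOG_ALERT

# The plugin can also be pointed at a remote collector directly
# (hostname/port are placeholders):
# output alert_syslog: host=192.0.2.10:514, LOG_AUTH LOG_ALERT

# ---------- Option B: Snort writes unified2, barnyard2 forwards ----------
# snort.conf: only write the binary unified2 spool. Snort never blocks
# on a slow syslog collector, and the spool survives a collector outage.
output unified2: filename snort.u2, limit 128

# barnyard2.conf: read the spool and emit syslog. The map files turn
# raw generator/sid numbers into readable names in the syslog line.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map

# Track position in the spool so a restart does not replay old alerts.
config waldo_file: /var/log/snort/barnyard2.waldo
config hostname:   sensor01
config interface:  eth1

input unified2

# Same local-syslog behaviour as Option A, now decoupled from Snort:
output alert_syslog: LOG_AUTH LOG_ALERT

# Or send straight to the collector over the network from barnyard2,
# without depending on the local syslog daemon's forwarding rules:
output alert_syslog_full: sensor_name sensor01-eth1, server 192.0.2.10, protocol udp, port 514, operation_mode default, log_facility LOG_AUTH, log_priority LOG_INFO
```

With Option B, barnyard2 is started against the spool directory (`barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo`), and the waldo file is what makes the forwarding resumable; if it is deleted, every alert still in the spool is re-sent to the SIEM. The practical difference for a SIEM feed is that Option A couples alert delivery to Snort's packet-processing loop, while Option B buffers alerts on disk and lets the collector be unreachable without losing events.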


