[Snort-users] Best practice for logging alerts to syslog
deusexmachina667 at ...11827...
Sat Dec 15 22:11:41 EST 2012
Wanted to ask a question regarding what is best practice for snort to log
alerts to syslog -- is it the better practice to have snort itself, via
snort.conf handle this, or should barnyard2 be installed, snort configured
to log to unified 2 and barnyard 2 handle logging to syslog? I'm asking
because the next thing I'd like to do for autosnort is offer a
configuration option to log to syslog (for SIEM integration to something
like splunk, graylog2, etc.) if the user wasn't interested in a web
front-end and wanted to know what the accepted/best practice was here.
Thanks in Advance,
when does reality end? when does fantasy begin?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users