[Snort-users] snort syslog output support

Joel Esler jesler at ...1935...
Wed May 30 09:33:41 EDT 2012


If you want to output from Snort in unified2 then have barnyard2 output into syslog from the unified2 file, then that's fine.  IIRC barnyard2 uses the same output structure.

Joel

On May 30, 2012, at 9:30 AM, Nick Moore wrote:

> Playing devil's advocate: is there anything wrong with using syslog as an output in Barnyard? It seems to be the favored method for SQL. 
> 
> On Wed, May 30, 2012 at 8:17 AM, Joel Esler <jesler at ...1935...> wrote:
> I've never said that.  Syslog is staying.
> 
> 
> On May 30, 2012, at 7:51 AM, Kungu Panda wrote:
> 
> > I need to send snort syslog alerts to out central syslog system.  I thought I read in a previous posting that snort syslog output was going away.  Is this still true, has it happened?
> >
> > What would be the best way to perform this?
> > Any recommendations/ideas would be helpful.
> >
> > Thanks!
> > KPanda
> 
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 
> 
> 
> -- 
> Nick Moore, SFCE, CISSP, CISA
> Sr. Systems Engineer
> Voice 708-336-9041
> Email nick.moore at ...1935...
> IM    nickgmoore (Yahoo)
>        nickgmoore38 (AIM)
> 
>     ,,_
>    o"  )~   Sourcefire - The Creators of Snort
>     ''''
> 
> www.sourcefire.com         www.snort.org     www.immunet.com
> 





More information about the Snort-users mailing list