[Snort-users] snort syslog output support
Randal T. Rioux
randy at ...13561...
Fri Sep 14 02:22:39 EDT 2012
On 5/30/2012 8:33 AM, James Lay wrote:
> On May 30, 2012, at 5:51 AM, Kungu Panda wrote:
>> I need to send snort syslog alerts to out central syslog system. I
>> thought I read in a previous posting that snort syslog output was
>> going away. Is this still true, has it happened?
>> What would be the best way to perform this? Any
>> recommendations/ideas would be helpful.
>> Thanks! KPanda
> I certainly hope not….having IDS go to syslog is a PCI requirement
> (Section 10 of PCI DSS 2.0). Not having this would be bad.
Hey kids. I'm back. Catching up on email lists - I'm up to May. Been a
Is the language verbatim that "syslog" must send the alerts, or that
they just need to be collected and stored? For example, Ci$co uses SDEE,
but I've never seen that fail a PCI audit.
I'd look it up myself, but my dog just farted on me and I need to get
More information about the Snort-users