[Snort-users] snort syslog output support

Randal T. Rioux randy at ...13561...
Fri Sep 14 02:22:39 EDT 2012


On 5/30/2012 8:33 AM, James Lay wrote:
> On May 30, 2012, at 5:51 AM, Kungu Panda wrote:
>> I need to send snort syslog alerts to our central syslog system.  I
>> thought I read in a previous posting that snort syslog output was
>> going away.  Is this still true, has it happened?
>> 
>> What would be the best way to perform this? Any
>> recommendations/ideas would be helpful.
>> 
>> Thanks! KPanda
> 
> 
> I certainly hope not….having IDS go to syslog is a PCI requirement
> (Section 10 of PCI DSS 2.0).  Not having this would be bad.

Hey kids. I'm back. Catching up on email lists - I'm up to May. Been a
little... distracted.

Is the language verbatim that "syslog" must send the alerts, or that
they just need to be collected and stored? For example, Ci$co uses SDEE,
but I've never seen that fail a PCI audit.

I'd look it up myself, but my dog just farted on me and I need to get
away fast.

Randy




