[Snort-users] [barnyard2-users] Logging to the Windows event log

Michael Steele michaels at ...9077...
Wed Jan 30 20:25:59 EST 2013


Snort used to log events to the Event Viewer under Application log, but
apparently that function no longer works.

Using the below in the snort.conf used to work:

output alert_syslog: LOG_AUTH LOG_ALERT

It's been a while since I tried this, but adding it to the snort.conf and the
barnyard2.conf, neither one will log. I don't get any errors but it doesn't
log.

Anyone have an idea what happened?

Best regards,
Michael...

> -----Original Message-----
> From: barnyard2-users at ...14071... [mailto:barnyard2-
> users at ...14071...] On Behalf Of beenph
> Sent: Wednesday, January 30, 2013 6:41 PM
> To: barnyard2-users at ...14071...
> Subject: Re: [barnyard2-users] Logging to the Windows event log
> 
> On Wed, Jan 30, 2013 at 6:30 PM, Michael Steele <michaels at ...9077...>
> wrote:
> > Snort used to log alerts to the Windows event log using:
> >
> >
> >
> > output alert_syslog: LOG_AUTH LOG_ALERT
> >
> >
> >
> > It doesn't seem to work anymore. Is this a function that Barnyard2 now
> > handles, or is it still in Snort?
> >
> 
> I never remember snort being able to log directly to windows event log.
> 
> Maybe if you run a companion syslog server on your windows machine you
> can act as a syslog endpoint.
> 
> You might want to ask on the snort ML.
> 
> -elz