[Snort-users] Syslog Help

Peter Bates peter.bates at ...15381...
Mon Mar 18 08:35:30 EDT 2013


Hello all

On 18/03/2013 12:20, Kevin Ross wrote:
> I usually use unified 2 to barnyard which sends logs into mysql. Now I have
> the need to send Syslog into another log collector. I haven't used syslog
> for snort output in a while but I have never had these issues before.

We're sending syslog from Barnyard2 rather than Snort directly, with:

output alert_syslog: LOG_LOCAL1

- i.e. local1 as the facility.

I think we went this way after seeing weird results
from using the syslog output plugin directly in Snort itself.

-- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division	      Internal Ext: 32049
University College London
London WC1E 6BT