[Snort-users] snort syslog to siem
kinomakino at ...125...
Thu Aug 28 14:47:34 EDT 2014
Thanks for your help as always.
I am configuring syslog for sending snort alerts to a SIEM (OSSIM).
I have this setup in snort:
output alert_syslog: host=*********:514, LOG_AUTH LOG_ALERT
This way I export the logs to the local syslog, to /var/log/messages.
Any idea how to properly configure the sending of syslog from snort to
rsyslog on other systems?
Thank you !!!