[Snort-users] snort syslog to siem

kinomakino kinomakino at ...125...
Thu Aug 28 14:47:34 EDT 2014


Thanks for your help as always.
I am configuring syslog for sending Snort alerts to a SIEM (OSSIM).
I have this setup in Snort:
output alert_syslog: host=*********:514, LOG_AUTH LOG_ALERT

This way I export the logs to the local syslog, to /var/log/messages.
Any idea how to properly configure the sending of syslog from Snort to
rsyslog on other systems?

Thank you!!!
