[Snort-users] snort syslog to siem

kinomakino kinomakino at ...125...
Thu Aug 28 15:03:05 EDT 2014


The *** is only for security purposes xD.

I have this done; in my rsyslog I accept all for the Snort server IP.

Thanks !!!

 

  _____  

From: Y M [mailto:snort at ...15979...]
Sent: Thursday, 28 August 2014 21:03
To: kinomakino
CC: snort-users
Subject: RE: [Snort-users] snort syslog to siem

 

From: kinomakino at ...125...
To: snort-users at lists.sourceforge.net
Date: Thu, 28 Aug 2014 20:47:34 +0200
Subject: [Snort-users] snort syslog to siem

Thanks for your help as always.
I am configuring syslog for sending Snort alerts to a SIEM (OSSIM).
I have this Snort setup:
output alert_syslog: host=*********:514, LOG_AUTH LOG_ALERT

 

# Replace "*********" above with the remote syslog server that is to receive
the logs. The remote syslog server needs to be configured to receive those
logs. If you use Barnyard2, let it handle sending the logs instead of Snort.

This way I export the logs to the local syslog, to /var/log/messages.
Any idea how to properly configure sending syslog from Snort to
rsyslog on other systems?

Thank you !!!
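
The setup discussed in this thread, as an added example that is not part of the original messages: Snort logs to the local syslog, the sensor's rsyslog forwards only Snort's messages, and the receiving rsyslog accepts them only from the sensor's IP. The file names, the addresses 192.0.2.10 (receiver) and 192.0.2.20 (sensor), and the output file are constructed placeholders, and rsyslog v7 or later (RainerScript syntax) is assumed.

```conf
# --- snort.conf on the sensor ---------------------------------------
# Log alerts to the local syslog daemon with facility auth, priority alert.
output alert_syslog: LOG_AUTH LOG_ALERT

# --- /etc/rsyslog.d/60-snort-forward.conf on the sensor (hypothetical name)
# Forward only messages tagged by the snort process on the auth facility,
# so unrelated auth logs from the sensor do not reach the SIEM.
if $programname == 'snort' and $syslogfacility-text == 'auth' then {
    action(type="omfwd"
           target="192.0.2.10"   # placeholder: remote syslog / SIEM address
           port="514"
           protocol="udp")
}

# --- /etc/rsyslog.d/10-snort-receive.conf on the receiver (hypothetical name)
# Listen on UDP 514 and keep only what comes from the Snort sensor's IP.
module(load="imudp")
input(type="imudp" port="514")

if $fromhost-ip == '192.0.2.20' then {   # placeholder: Snort sensor address
    action(type="omfile" file="/var/log/snort-remote.log")
    stop                                 # do not process these messages further
}
```

UDP syslog is unauthenticated and unencrypted, so the source-IP filter on the receiver should be paired with a firewall rule that limits port 514 to the sensor.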

