[Snort-users] Snort alerts to a remote syslog server

Kurzawa, Kevin kkurzawa at ...16800...
Thu Jun 19 09:14:16 EDT 2014

I currently use syslog-ng and send that info to a splunk server. Little difference.

I tell syslog on the snort machine to watch the alerts file and send the info to an IP:port specification. Shazam.

My additions to the syslog-ng.conf are as follows (the source body was lost when the HTML was scrubbed, so the file path below is a placeholder; "upd" is corrected to "udp", and the port is a placeholder standing in for the original "1bajillion"):

source s_ids {
   # Placeholder path: point this at the alert file Snort writes
   file("/path/to/snort/alert" follow-freq(1));
};

destination d_splunk {
   # udp() driver; replace host and port with your collector's values
   udp("server-name" port(514));
};

log {
   source(s_ids);
   destination(d_splunk);
};