[Snort-users] Snort alerts to a remote syslog server

Iliass Hakim iliass61 at ...125...
Thu Jun 19 09:56:51 EDT 2014


Thanks,
but I already have my syslog server configured.
My rsyslog.conf file:

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 1514

############################### GLOBAL DIRECTIVES ###############################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction off

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf


and in my snort.conf file I have added:
output alert_syslog: host=@ syslog server:514, LOG_AUTH LOG_ALERT

but it's not working.


Regards
---------------------------------------------------------
HAKIM Iliass

Network & Telecommunications Engineer

Université Bretagne Occidentale

+33 6 40 24 39 16



Please consider the environment before printing this message.
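An added example for the remote-syslog path in the post above (it is not code from the mailing-list post, from Snort or from rsyslog). Snort's alert_syslog output plugin takes the destination as host=hostname:port (without the "@" prefix that rsyslog uses in its own forwarding rules) and sends BSD-syslog datagrams over UDP, so the UDP listener on 514 in the rsyslog.conf above is the one that matters. The script below encodes the PRI that "LOG_AUTH LOG_ALERT" produces (<33>), sends one datagram to a UDP listener, and decodes it the way the collector would; the alert text, addresses and ports are constructed for the example and are not a real capture.

```python
"""Build, send and parse a BSD-syslog (RFC 3164) datagram the way a remote
alert_syslog destination would receive it.

Added example, not from the mailing-list post or from Snort/rsyslog. The alert
text is constructed to look like an alert_syslog line; host and port are
assumptions chosen for the example."""
import re
import socket

# syslog.h numbers: PRI = facility * 8 + severity.
# LOG_AUTH (4) + LOG_ALERT (1), as in the snort.conf line in the post -> <33>.
LOG_AUTH = 4
LOG_ALERT = 1

# Constructed sample in the shape of a Snort alert line (not a real capture).
SAMPLE_ALERT = (
    "snort[1234]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root "
    "[Classification: Potentially Bad Traffic] [Priority: 2] "
    "{TCP} 203.0.113.10:80 -> 198.51.100.5:51022"
)

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"\[Classification: (?P<classification>[^\]]*)\] "
    r"\[Priority: (?P<priority>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)


def build_datagram(facility, severity, msg):
    """Return the wire form: '<PRI>' immediately followed by the message."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    return f"<{facility * 8 + severity}>{msg}".encode()


def parse_datagram(data):
    """Split a datagram into (facility, severity, message).

    A missing PRI or an unexpected facility here is the usual reason a remote
    alert never lands in the file the collector's rules route it to."""
    m = PRI_RE.match(data.decode("utf-8", errors="replace"))
    if not m:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest legal value
        raise ValueError(f"PRI {pri} out of range")
    return pri // 8, pri % 8, m.group(2)


def parse_snort_alert(msg):
    """Pull gid/sid/rev, message, classification, priority and flow out of an
    alert line; return None for text that is not shaped like a Snort alert."""
    m = ALERT_RE.search(msg)
    if not m:
        return None
    fields = m.groupdict()
    fields["priority"] = int(fields["priority"])
    return fields


def send_alert(host, port, msg=SAMPLE_ALERT):
    """Send one alert datagram with the LOG_AUTH/LOG_ALERT PRI to host:port.

    Point this at the real collector (UDP/514 in the post's rsyslog.conf) while
    watching tcpdump or the target log file there to confirm the path works."""
    payload = build_datagram(LOG_AUTH, LOG_ALERT, msg)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (host, port))
    return payload


def loopback_roundtrip():
    """Offline self-test: receive our own datagram on an ephemeral local port
    and return what a collector would decode from it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        send_alert("127.0.0.1", rx.getsockname()[1])
        data, _ = rx.recvfrom(8192)
    facility, severity, text = parse_datagram(data)
    return {"facility": facility, "severity": severity,
            "alert": parse_snort_alert(text)}


if __name__ == "__main__":
    print(loopback_roundtrip())
```

Run it as-is for the loopback self-test; to exercise a deployment, call send_alert with the collector's address and confirm with tcpdump on the collector (udp port 514) that the datagram arrives with <33> in front, then check that the rsyslog rule for the auth facility writes it where expected.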


From: kkurzawa at ...16800...
To: snort-users at lists.sourceforge.net
Date: Thu, 19 Jun 2014 09:14:16 -0400
Subject: Re: [Snort-users] Snort alerts to a remote syslog server

I currently use syslog-ng and send that info to a Splunk server. Little difference. I tell syslog on the Snort machine to watch the alerts file and send the info to an IP:port specification. Shazam. My additions to the syslog-ng.conf are as follows:

source s_ids {
    file("/var/log/snort/alerts");
};
destination d_splunk {
    udp("server-name" port(1bajillion));
};
log {
    source(s_ids);
    destination(d_splunk);
};