[Snort-users] Snort+ and logging
oagvozd at gmail.com
Thu Sep 20 16:55:37 EDT 2018
On Thu, 20 Sep 2018 at 19:48, Andy Swartzbaugh <andy.swartzbaugh at gmail.com> wrote:
> 1) My understanding is that Barnyard was a remedy to cope with Snort2's
> single-processor (i.e., not multi-processing) design and that Snort3 should
> be able to handle logging without needing another process to handle the
It is true. But Barny2 is able to send alerts to DB or remote syslog - it
is useful. Snort3 now doesn't support it
> snort --pcap-dir /path/to/pcap/dir --pcap-filter '*.pcap' -L dump -l
> from www.snort.org/downloads/snortplus/snort_manual.html#_alert_syslog :
> This must be done in snort.lua as opposed to the command line:
> alert_syslog =
> {
>     facility = 'local3',
>     level = 'info',
> }
It is true for alerts. But I've asked about snort process (daemon) log.
Nevertheless - thank you for info, it is useful.
> If you wanted to send the logs to another server, that would be handled
> within rsyslogd (I use Ubuntu). Create a file named
> "/etc/rsyslog.d/10-snort.conf" : (the lower the number, the higher the
> priority) :
> and put the following line in it:
> local3.* @loghost
> On Thu, Sep 20, 2018 at 8:52 AM Meridoff via Snort-users <
> snort-users at lists.snort.org> wrote:
>> Hello, I've heard that barnyard2 is out of date for snort3.
>> Though it can be used.
>> 1. What are the alternative (to barnyard2) ways for logging snort3 alerts
>> to remote databases or remote syslog etc.? Maybe it will be included in
>> snort3 project in future?
>> 2. Small question - snort3 itself writes its own log to syslog (-M
>> option). What are the ways to specify internal daemon logging methods:
>> to file or syslog LEVEL or something other? I found nothing concerning this in
>> Thanks for response
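Added example, not part of the original thread and not Snort or rsyslog code: a loghost-side check showing which syslog frames a selector such as `local3.*` forwards, by decoding the PRI value that `facility = local3, level = info` produces. The sample frames are constructed; the host name, PID, alert text, and the assumption that the Snort process log arrives on the `daemon` facility are illustrative only.

```python
import re

# Facility and severity names in numeric order (RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

FRAME = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def decode(frame):
    """Split a syslog frame into (facility, severity, rest-of-message)."""
    m = FRAME.match(frame)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a syslog frame: %r" % frame[:40])
    pri = int(m.group(1))          # PRI = facility * 8 + severity
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], m.group(2)

def selector_matches(selector, facility, severity):
    """Evaluate a simple 'facility.level' selector: '*' matches anything, and a
    named level matches that severity and any more severe (lower-numbered) one."""
    sel_fac, sel_lvl = selector.split(".", 1)
    if sel_fac not in ("*", facility):
        return False
    if sel_lvl == "*":
        return True
    return SEVERITIES.index(severity) <= SEVERITIES.index(sel_lvl)

def forwarded(selector, frames):
    """Return the messages a forwarding rule with this selector would send on."""
    decoded = [decode(f) for f in frames]
    return [msg for fac, sev, msg in decoded if selector_matches(selector, fac, sev)]

# Constructed sample frames (not captured traffic).
SAMPLES = [
    # 158 = 19*8 + 6 -> local3.info, what the alert_syslog settings above emit
    "<158>Sep 20 16:55:37 sensor1 snort[2211]: [1:1000001:1] constructed test alert {TCP} 192.0.2.10:40000 -> 192.0.2.20:80",
    # 30 = 3*8 + 6 -> daemon.info, assumed facility for the process's own log
    "<30>Sep 20 16:55:38 sensor1 snort[2211]: constructed daemon status message",
    # 155 = 19*8 + 3 -> local3.err
    "<155>Sep 20 16:55:39 sensor1 snort[2211]: constructed local3.err message",
]

if __name__ == "__main__":
    for frame in SAMPLES:
        fac, sev, _ = decode(frame)
        print(fac, sev, selector_matches("local3.*", fac, sev))
```

Under these assumptions the `local3.*` rule forwards the alert stream only; a daemon log arriving on another facility needs its own selector line.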