<div dir="ltr"><div><div><div>I don't think syslog is in any way dependent on MySQL.<br></div>There might be some issue in the syslog configuration, like missing ports, IPs, protocols, etc.<br><br></div>Best Regards,<br></div>
Praveen Darshanam<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Sep 4, 2013 at 3:57 PM, Mayur Patil <span dir="ltr"><<a href="mailto:ram.nath241089@...11827..." target="_blank">ram.nath241089@...11827...</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hello Pravin,<br><br></div>     I have not set up a MySQL database for Snort; does that cause the unrecognized syslog facility <br>
<br></div>     as with Barnyard2 ??<br><br></div>     Please guide !<br>
<br></div>     Thanks !<br></div><div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">On Fri, Aug 2, 2013 at 12:17 PM, praveen_recker . <span dir="ltr"><<a href="mailto:praveen_recker@...4543..." target="_blank">praveen_recker@...4543...</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Check if a firewall is running on any of the machines... turn it off.<br></div>Try to telnet/nc to the port... from the Snort machine to the syslog server port; it should be successful.<span><font color="#888888"><br>

<div><br>-Praveen<br>
</div></font></span></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 2, 2013 at 10:42 AM, Mayur Patil <span dir="ltr"><<a href="mailto:ram.nath241089@...11827..." target="_blank">ram.nath241089@...11827...</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Pravin,<br><br>   I have tried your steps. I am getting snort logs when snort restarts only <br><br>   on the remote rSyslog server.<br>


 <br>  The problems I am facing are:<br><ol><li>I am not getting logs of alert on remote rSyslog server.</li>
<li>When I tried the command <br><br>snort -c /etc/snort/snort.conf -i eth0</li></ol><p>         Snort is able to start in NIDS mode <br>  <br>        but it still gives the error of unrecognised syslog facility host: ip:port</p>



<p>    What am I doing wrong ??</p><p>    Please guide, Thanks !</p><p><b>--<br>Cheers,<br>Mayur</b>.</p><p><br></p><div class="gmail_quote">On Fri, Aug 2, 2013 at 1:05 AM, praveen_recker . <span dir="ltr"><<a href="mailto:praveen_recker@...4543..." target="_blank">praveen_recker@...4543...</a>></span> wrote:<br>



<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi Mayur,<br><br></div>Try to follow the steps given in the link below.<br><a href="http://darshanams.blogspot.in/2011/05/snort-logging-alerts-to-syslog-server.html" target="_blank">http://darshanams.blogspot.in/2011/05/snort-logging-alerts-to-syslog-server.html</a><br>




<br></div>Best Regards,<br></div>Praveen Darshanam<br></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div>On Thu, Aug 1, 2013 at 4:04 PM, Mayur Patil <span dir="ltr"><<a href="mailto:ram.nath241089@...11827..." target="_blank">ram.nath241089@...11827...</a>></span> wrote:<br>




</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>Hello,<br>   <br>    I have done a lot of googling but found posts mostly regarding Barnyard, not specific to Snort<br>



<br>    I also tried various blog posts for remote rSyslog export but am not getting an answer for this.<br>
<br>
    I set the log export settings as per the Snort manual<br>
 <br>    output alert_syslog: host=<a href="http://10.1.1.1:514" target="_blank">10.1.1.1:514</a>, &lt;facility&gt; &lt;priority&gt; &lt;options&gt;<br><br>    So, in snort.conf file   <br><br>    #syslog <br><br>    output alert_syslog: host=ip:port, LOG_AUTH LOG_ALERT<br>





 <br>    it gives an error of unrecognised facility when I run Snort in NIDS mode.<br><br>    But it does not give an error for <br clear="all">   <br>    output alert_syslog: LOG_AUTH LOG_ALERT<br>  <br>    What is going wrong ?<br>






<br>    Please guide.<br><br>    Thanks !!<br><br><br>P.S. :  Snort.conf file :  <a href="http://pastebin.com/dkMRrfxp" target="_blank">http://pastebin.com/dkMRrfxp</a><span><font color="#888888"><span><font color="#888888"><br>


-- <br></font></span></font></span></div>
</div></blockquote></div></div></blockquote></div><span style="font-weight:bold"></span>
</blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><br></div></div><span class="HOEnZb"><font color="#888888">-- <br><div dir="ltr"><b>Yours Sincerely,<br>Mayur</b><span style="font-weight:bold"> S. Patil,<br>ME COMP ENGG,<br>
MITCOE,<br></span><span style="font-weight:bold">Pune.<br>
<br></span><div>

<br><br><br></div></div>
</font></span></div>
</blockquote></div><br></div>