IDS mailing list archives
Re: Naming sensors via syslog with snort?
From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Fri, 10 Oct 2003 13:41:34 +1000
Hi James,

"I'm not too sure that I'm understanding correctly, but from what I gather you're thinking of starting multiple snort instances from 1 config file, whereas you should be using 1 config file per node so you can properly control each config. As such, the single line sensor_name= will suffice."

http://archives.neohapsis.com/archives/snort/2002-09/0315.html

cheers

Ivan Coric
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414
Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

"James Hunter" <jhunter () dotprofile net> 10/10/03 10:58am >>>
Is there a way to "name" the sensors when using syslog and snort?

I'm using Snortcenter w/acid, etc... as the manager and the snortcenter agent on another machine. I log everything back to the main snortcenter box via syslog to one file but they all just give the hostname.

James Hunter
303-726-7067
jhunter () dotprofile net

Current thread:
- Naming sensors via syslog with snort? James Hunter (Oct 09)
- <Possible follow-ups>
- Re: Naming sensors via syslog with snort? Ivan Coric (Oct 09)