Snort mailing list archives
RE: Problems logging to syslog and mysql simultaneously
From: "Michael Steele" <michaels () silicondefense com>
Date: Wed, 19 Jun 2002 14:34:37 -0700
Don,

We log to our local syslog by adding these into Snort.conf

output alert_syslog: LOG_AUTH LOG_ALERT
output alert_full

-Michael

--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: Don [mailto:Don () WeberOnTheWeb com]
Sent: Wednesday, June 19, 2002 2:02 PM
To: Michael Steele
Subject: RE: [Snort-users] Problems logging to syslog and mysql simultaneously

I have not been successful in having snort log to a local syslog server at all, the only way I can get it to log to syslog is by command line option, which can of course go to local or remote, but it will not log to local syslog without the command-line override.

Don

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael Steele
Sent: Wednesday, June 19, 2002 12:26 PM
To: dlpassport () s2access com
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Problems logging to syslog and mysql simultaneously

Dallas,

You need to pick up a syslog server like Kiwi Syslog Server or a freeware one:

Snip--Snip ->

For stability I would recommend 3com's free syslog server for Windowz

http://support.3com.com/software/utilities_for_windows_32_bit.htm <-- for a bunch of goodies
ftp://ftp.3com.com/pub/utilbin/win32/3CSyslog.zip <-- for the syslog server

It runs great on 2K & XP

This one may work:

http://www.cls.de/Default.asp works well but randomly inserts fixed string in syslog output in the freeware version.

<- Snip--Snip

-Michael

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of dlpassport () s2access com
Sent: Wednesday, June 19, 2002 10:32 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Problems logging to syslog and mysql simultaneously

Hello list.

I am running Snort 1.8.7-mysql-win32 and am having the following problem. I would like to log to the local mysql database as well as a remote syslog. From all that I can find, the only way to log to a remote syslog is with a -s 1.1.1.1 option from the command line. When I specify this on the command line, snort ignores my output database statement. Is there any way to specify a remote syslog server within snort.conf? What else could be causing this problem? I'd prefer not to log to a local syslogd then forward.

Thanks,
Dallas LaRose

<--snip from snort.conf-->
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort password=blah dbname=snort port=3306 host=localhost
<--snip-->

----------------------------------------------------------------------------
Bringing you mounds of caffeinated joy >>> http://thinkgeek.com/sf <<<
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
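Added example (not part of the original thread and not Snort project code): a pre-flight check that reads a snort.conf and the command line used to start Snort, and reports which configured output plugins would stop receiving events when -s is given. It assumes the behaviour Dallas reports for the win32 build, namely that -s takes a host and that the output statements in snort.conf are then ignored; the function names and the sample command lines are constructed for illustration.

```python
import shlex

# Constructed sample: the snort.conf snippet quoted in the thread.
SAMPLE_CONF = """\
# constructed sample based on the snippet in the thread
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort password=blah dbname=snort port=3306 host=localhost
"""

def conf_outputs(conf_text):
    """Return [(plugin, args)] for every active 'output' directive."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line.startswith("output "):
            continue
        plugin, _, args = line[len("output "):].partition(":")
        found.append((plugin.strip(), args.strip()))
    return found

def syslog_override(cmdline):
    """Return the host given to -s ('' if none), or None when -s is absent."""
    argv = shlex.split(cmdline, posix=False)     # posix=False keeps Windows backslashes
    for i, tok in enumerate(argv):
        if tok == "-s":
            nxt = argv[i + 1] if i + 1 < len(argv) else ""
            return "" if nxt.startswith("-") else nxt
    return None

def outputs_lost_to_dash_s(conf_text, cmdline):
    """Non-syslog plugins from snort.conf that go silent when -s is used.

    Assumption (from the thread): -s replaces the outputs in snort.conf.
    """
    if syslog_override(cmdline) is None:
        return []
    return [p for p, _ in conf_outputs(conf_text) if p != "alert_syslog"]

if __name__ == "__main__":
    for cmd in ("snort -c snort.conf -s 1.1.1.1", "snort -c snort.conf"):
        lost = outputs_lost_to_dash_s(SAMPLE_CONF, cmd)
        print(cmd, "->", "loses " + ", ".join(lost) if lost else "all outputs active")
```

A non-empty result is the cue to check the database for new rows after startup, since the symptom in the thread is alerts reaching syslog while the mysql log stays empty.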
Current thread:
- Problems logging to syslog and mysql simultaneously dlpassport (Jun 19)
- RE: Problems logging to syslog and mysql simultaneously Michael Steele (Jun 19)
- <Possible follow-ups>
- RE: Problems logging to syslog and mysql simultaneously Michael Steele (Jun 19)
- RE: Problems logging to syslog and mysql simultaneously dlpassport (Jun 19)
- RE: Problems logging to syslog and mysql simultaneously Michael Steele (Jun 19)
- RE: Problems logging to syslog and mysql simultaneously Michael Steele (Jun 19)
- RE: Problems logging to syslog and mysql simultaneously Don (Jun 19)
- RE: Problems logging to syslog and mysql simultaneously Michael Steele (Jun 19)
- RE: Problems logging to syslog and mysql simultaneously Frank Knobbe (Jun 21)
- RE: Problems logging to syslog and mysqlsimultaneously Michael Steele (Jun 21)
- RE: Problems logging to syslog and mysqlsimultaneously Don (Jun 22)
- RE: Problems logging to syslog and mysql simultaneously Don (Jun 19)