Snort mailing list archives
RE: Logging to Remote Syslog and ACID Console
From: "Parker, Ian" <parker.ian () syncrude com>
Date: Mon, 4 Nov 2002 15:25:22 -0700
I am using the Kiwi Syslog daemon on a remote Win2K box and I can send the alerts to it using the -s switch. The problem is that use of the -s switch overrides my attempts to also send the alerts to a MySQL database that is also on the Win2K machine. I understand that a patch was developed to prevent this override behaviour, at least on Windows systems, but it doesn't seem to have made it into the source yet. I couldn't find the patch on sourceforge.net either.

Ian Parker, GCWN
Senior Systems Analyst
Upgrading Plant Computing
Syncrude Canada Ltd
(780)790-4631
parker.ian () syncrude com

-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Monday, November 04, 2002 3:02 PM
To: 'Parker, Ian'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Logging to Remote Syslog and ACID Console

Ian,

You will need to use a program like Kiwi Syslog Server, if you want to shove your logs to a remote syslog server. This may have been fixed on a CVS version of Snort, not real sure.

Some help here guys, Chris? Is this available in the 1.9.x release or in the latest CVS version of 1.9.x? I believe the -s option failed on Windows.

-Michael

--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Parker, Ian
Sent: Monday, November 04, 2002 9:46 AM
To: 'twig les'; Parker, Ian; 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Logging to Remote Syslog and ACID Console

Sorry, I should have pointed out that this is a Windows box, so I don't have a syslog.conf file. If I create one, will Snort look for it? If so, where should it be located?

Ian Parker, GCWN
Senior Systems Analyst
Upgrading Plant Computing
Syncrude Canada Ltd
(780)790-4631
parker.ian () syncrude com

-----Original Message-----
From: twig les [mailto:twigles () yahoo com]
Sent: Monday, November 04, 2002 10:30 AM
To: Parker, Ian; 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] Logging to Remote Syslog and ACID Console

You don't specify the remote syslog server in the snort.conf file or in the command line. Lose the -s, use snort.conf to tell snort to syslog the stuff, then edit /etc/syslog.conf to use the correct server.

--- "Parker, Ian" <parker.ian () syncrude com> wrote:

Is it possible to send alerts to both a remote Syslog server and a remote ACID console? I can do one or the other, but if I specify the -s switch in the command line, it overrides the output plug-in for MySQL in the config file. The config file does not seem to allow you to specify a remote Syslog server. I suppose I could set up a local Syslog server and have it forward stuff to the remote daemon but I'd like to avoid that complication if possible.

Ian Parker, GCWN
Senior Systems Analyst
Upgrading Plant Computing
Syncrude Canada Ltd
(780)790-4631
parker.ian () syncrude com
-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
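
Added example, not part of the original thread and not posted by any of its participants: the setup twig les describes for a Unix sensor, with Snort started without -s, both output plug-ins declared in snort.conf, and the local syslogd forwarding to the remote server. The host names, database name and credentials are placeholders, and it assumes a classic syslogd that reads /etc/syslog.conf, which the Windows box in this thread does not have.

```conf
# --- snort.conf (sensor) -----------------------------------------------
# Start Snort without -s so the output plug-ins below are the ones used.

# Alerts go to the local syslog daemon: facility auth, priority alert.
output alert_syslog: LOG_AUTH LOG_ALERT

# The same sensor also logs to the MySQL database that ACID reads.
# All values on this line are placeholders (assumptions, not from the thread).
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=acid-db.example.net

# --- /etc/syslog.conf (same sensor) ------------------------------------
# Forward what alert_syslog emits (auth.alert) to the remote syslog server.
# Classic syslogd wants TABs, not spaces, between selector and action.
auth.alert	@syslog.example.net
```

syslogd has to reread its configuration (for example on SIGHUP) before the forwarding line takes effect.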
Current thread:
- Logging to Remote Syslog and ACID Console Parker, Ian (Nov 04)
- Re: Logging to Remote Syslog and ACID Console twig les (Nov 04)
- RE: Logging to Remote Syslog and ACID Console Wayne T Work (Nov 04)
- <Possible follow-ups>
- RE: Logging to Remote Syslog and ACID Console Parker, Ian (Nov 04)
- RE: Logging to Remote Syslog and ACID Console Frank Knobbe (Nov 04)
- RE: Logging to Remote Syslog and ACID Console Michael Steele (Nov 04)
- RE: Logging to Remote Syslog and ACID Console Parker, Ian (Nov 04)
- RE: Logging to Remote Syslog and ACID Console Michael Steele (Nov 04)