Snort mailing list archives
Re: RE: Snort/Log report software
From: "tazmaniak tazmaniak" <clyss () hotmail com>
Date: Tue, 05 Nov 2002 17:03:54 +0000
Hello, Mickael,

could you check the URL of Symantec?

RE: [Snort-users] Snort/Log report software
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=3%20&D=159

seems to be Ghost...

Thanks!

----Original Message Follows----
From: snort-users-request () lists sourceforge net
Reply-To: snort-users () lists sourceforge net
To: snort-users () lists sourceforge net
Subject: Snort-users digest, Vol 1 #2458 - 11 msgs
Date: Mon, 04 Nov 2002 09:30:08 -0800
Today's Topics:

1. RE: e100 promisc mode (Peter Param)
2. RE: Clean up/Reset Logs (Michael Steele)
3. RE: Snort/Log report software (Michael Steele)
4. RE: Snort/Log report software (Michael Steele)
5. New SnortSam plugins and Mail List (Frank Knobbe)
6. RE: Snort/Mysql/ACID/MS PWS help (Security Admin)
7. RE: Question about MSSQL (Robbins, Mark)
8. Mysql cleanup script? (Nathan Whitehouse)
9. rule for detecting Raptor denial of service (John McCain)
10. Logging to Remote Syslog and ACID Console (Parker, Ian)
11. Re: Logging to Remote Syslog and ACID Console (twig les)

--__--__--

Message: 1
Date: Mon, 04 Nov 2002 08:28:28 +1100
From: "Peter Param" <pparam () stvincents com au>
To: <jack.lyons () martinagency com>
CC: <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] e100 promisc mode

Hey Jack,

Ben Feinstein gave me this URL that provided a driver that worked well for me:

http://www.intel.com/support/network/adapter/1000/linux/e100.htm

Like yourself I was using the Compaq driver without much success.

cheers
Peter

>>> Jack Lyons <jack.lyons () martinagency com> 11/02/02 00:38 AM >>>
Related issue, I am having problems getting the e100 driver going in full-duplex. I have tried editing modules.conf and added options, but it doesn't seem to work. It is Red Hat 7.3 on a Compaq server.

Thanks.
-----Original Message-----
From: Peter Param [mailto:pparam () stvincents com au]
Sent: Thursday, October 31, 2002 4:55 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] e100 promisc mode

Hi all,

Recently installed Snort 1.9 on Linux 2.4.7-10. I had to get the latest e100 driver (2.1.6) from Compaq to get it working on the machine with an inbuilt NIC. The card works but not in promisc mode. Doing an "ifconfig eth0 promisc" makes it look like it's working in promiscuous mode but really it isn't. I confirmed this by running tcpdump alongside snort...only sees broadcasts. Another machine (an iBook with ver10) on the same segment (same hub etc.) running tcpdump also, confirms that it can see all frames.

I'm stumped!...any ideas??

cheers
Peter

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been virus scanned and although no viruses were detected by the system, St Vincent's Hospital accepts no liability for any consequential damage resulting from email containing any computer viruses.
**********************************************************************

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

This email and its contents may be confidential.
If it is and you are not the intended recipient, please do not disclose or use the information within this email or its attachments. If you have received this email in error, please delete it immediately. Thank you.

--__--__--

Message: 2
From: "Michael Steele" <michaels () silicondefense com>
To: "'Florian Huber'" <florian.huber () mnet-online de>
Cc: <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Clean up/Reset Logs
Date: Sun, 3 Nov 2002 14:28:17 -0800

Florian,

Did you stop Snort prior to renaming the files? Snort will create the files if they are absent. Try stopping Snort, then move the files out, then restart Snort.

-Michael

Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Florian Huber
Sent: Sunday, November 03, 2002 10:13 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Clean up/Reset Logs

Hi,

can anyone tell me how to clean up/reset the snort logs in /var/log/snort/*? I tried to rename the alert and the portscan.log file and create new empty ones, but snort wrote to the renamed files (alert.old).
Is there a good solution? Or do I have to remove the whole directory?

TIA
Florian Huber

--__--__--

Message: 3
From: "Michael Steele" <michaels () silicondefense com>
To: <snort-users () lists sourceforge net>
Date: Sun, 3 Nov 2002 14:37:39 -0800
Subject: [Snort-users] RE: Snort/Log report software

-Michael

Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Sunday, November 03, 2002 2:37 PM
To: 'Zolla Zimmerman'
Subject: RE: [Snort-users] Snort/Log report software

Zolla,

You can send your logs into Security Focus and they can transform them into a report for you, and it's free.
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=159

-Michael

Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Zolla Zimmerman
Sent: Friday, November 01, 2002 11:17 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort/Log report software

Hi All,

Is there any Windows-based reporting software available which can create the report in HTML format? The database will be MySQL on Linux but the reporting tool must be running on a Windows platform.

Any help or hint will be greatly appreciated.

TIA
Zolla

--__--__--

Message: 4
From: "Michael Steele" <michaels () silicondefense com>
To: <snort-users () lists sourceforge net>
Date: Sun, 3 Nov 2002 14:38:15 -0800
Subject: [Snort-users] RE: Snort/Log report software

Zolla,

You can send your logs into Security Focus and they can transform them into a report for you, and it's free.
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=159

-Michael

Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Zolla Zimmerman
Sent: Friday, November 01, 2002 11:17 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort/Log report software

Hi All,

Is there any Windows-based reporting software available which can create the report in HTML format? The database will be MySQL on Linux but the reporting tool must be running on a Windows platform.

Any help or hint will be greatly appreciated.

TIA
Zolla

--__--__--

Message: 5
From: Frank Knobbe <fknobbe () knobbeits com>
To: snort-users () lists sourceforge net
Cc: snort-announce () lists sourceforge net
Date: 03 Nov 2002 17:40:13 -0600
Subject: [Snort-users] New SnortSam plugins and Mail List

Greetings,

I promise this will be my last post for SnortSam stuff here.
I wanted to let you know that SnortSam has now two mail lists you can subscribe to. One is an announcement list like snort-announce. The other is a discussion list like snort-users. Please see http://www.snortsam.net/maillist.asp for subscription information.

For those who missed it... The Netscreen plugin has finally been released. Thanks to Christopher Lyon for his assistance. In addition, we now have an IPFilter plugin. Thanks to Erik Sneep for writing it.

Furthermore, Thomas Maier started working on a Watchguard plugin. We should have a working beta together soon. And no stopping there... someone else is currently looking into a plugin for the CyberGuard firewall.

It looks like SnortSam is evolving into a Swiss-Army knife for active blocking with Snort...

Regards,
Frank

--__--__--

Message: 6
From: Security Admin <SecurityAdmin () hyprotech com>
To: 'NN C' <d8da () operamail com>
Cc: "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Snort/Mysql/ACID/MS PWS help
Date: Sun, 3 Nov 2002 20:10:57 -0700

When using PHP under Windows (IIS or PWS) you need to do ISAPI mappings under the website. See the install doc under PHP on how to do this. If the webserver doesn't know what executable to use with a .php extension it will look like it's working, then it will fail.

www.silicondefense.com should have some good docs on using ACID for this under Windows.
I know I had it running myself, but on Windows 2k server.

-----Original Message-----
From: NN C [mailto:d8da () operamail com]
Sent: Friday, November 01, 2002 5:53 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort/Mysql/ACID/MS PWS help

I know most people do not like Microsoft and the Windows product line, however, this is what I have to work with to learn.

I have installed:

Win98 SE
WinPcap 3.0.a
snort 1.9.0-win32
mysql 3.23.52
ACID 0.9.6b21
php 4.2.3
adodb 190
phplot 4.4.6
DBTools manager
Microsoft personal Web Server 4.0 for Windows 98
a few plugins...

all on dial-up (currently no NIC installed, but coming...)

I have run several tests of snort to get familiar with snort. After successfully installing mysql, I ran snort and get output in the database.

QUESTION 1: how do you post process this information to read it before using ACID?

I tried several things to get ACID going, but no success there. Is there any information I skipped in Google as to how to run ACID and snort and mysql using the simple MS personal web server? I also downloaded Apache for win32, but before I go installing all this other stuff to play with my snort results, I want to know I did everything possible with what I already have.

Help please... (I am quickly becoming a Linux baby, but for now it is easier to learn in Windows)

d8da
--__--__--

Message: 7
From: "Robbins, Mark" <MRobbins () sf edu>
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Question about MSSQL
Date: Mon, 4 Nov 2002 07:48:03 -0500

Before you update to 1.9.0....

I don't think your problems have to do with an outdated version of the schema. The errors you mention sound like the ones in the binary of 1.9.0, and I'm not aware of anyone who has gotten it to work in this fashion without editing the source and recompiling.

I had no such errors with previous versions. Make sure the binaries are compiled for MSSQL (and not MySQL as well.)

Mark

-----Original Message-----
From: Erek Adams [mailto:erek () theadamsfamily net]
Sent: Saturday, November 02, 2002 7:21 AM
To: Don
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question about MSSQL

On Sat, 2 Nov 2002, Don wrote:

> I'm getting just tons of errors
> is anyone using this option yet with win2k server and mssql, snort
> build 1.8.6, i used the mssql-create script that came with the build,
> one problem

[...snip...]

One word: UPDATE

1.9.0 [0] is out and 1.9.1 is coming 'real soon now'. Some of the errors that you are having are due to your schema being an older version. You'll need to update your schema to the current version. Since you're not using it yet, I'd suggest blowing away the DB and starting over.

Cheers!
-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

[0] http://www.snort.org/dl/binaries/1.9.0/Snort-1.9.0-win32.exe

--__--__--

Message: 8
From: "Nathan Whitehouse" <nwhitehouse () compendiumusa net>
To: <snort-users () lists sourceforge net>
Date: Mon, 4 Nov 2002 09:04:20 -0500
Subject: [Snort-users] Mysql cleanup script?

Does anyone have a Mysql cleanup script? Something I can run once a week or month to clean out my Mysql database for snort alerts.

Thanks

Nathan Whitehouse
Network Operations & Systems Administrator
CompEndium Services Inc.
Main 877-709-2667
Local 678-985-5678
Direct 770-822-6697

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.408 / Virus Database: 230 - Release Date: 10/24/2002

--__--__--

Message: 9
From: John McCain <jmccain () layer3al com>
To: snort-users () lists sourceforge net
Date: 04 Nov 2002 09:08:57 -0600
Subject: [Snort-users] rule for detecting Raptor denial of service

Does anyone know if a rule exists for the vulnerability discussed here:
http://www.nwfusion.com/news/2002/1016symsec.html
and here:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2002101807105854?OpenDocument&src=ent_hot&dtype=corp&tpre=

Further, does anyone know if Symantec's patch for this vulnerability has been verified to work?

--__--__--

Message: 10
From: "Parker, Ian" <parker.ian () syncrude com>
To: "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>
Date: Mon, 4 Nov 2002 09:30:30 -0700
Subject: [Snort-users] Logging to Remote Syslog and ACID Console

Is it possible to send alerts to both a remote Syslog server and a remote ACID console? I can do one or the other, but if I specify the -s switch in the command line, it overrides the output plug-in for MySQL in the config file. The config file does not seem to allow you to specify a remote Syslog server. I suppose I could set up a local Syslog server and have it forward stuff to the remote daemon but I'd like to avoid that complication if possible.

Ian Parker, GCWN

Senior Systems Analyst
Upgrading Plant Computing
Syncrude Canada Ltd

(780)790-4631
parker.ian () syncrude com

--__--__--

Message: 11
Date: Mon, 4 Nov 2002 09:29:48 -0800 (PST)
From: twig les <twigles () yahoo com>
Subject: Re: [Snort-users] Logging to Remote Syslog and ACID Console
To: "Parker, Ian" <parker.ian () syncrude com>, "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>

You don't specify the remote syslog server in the snort.conf file or in the command line. Lose the -s, use snort.conf to tell snort to syslog the stuff, then edit /etc/syslog.conf to use the correct server.
--- "Parker, Ian" <parker.ian () syncrude com> wrote:
> Is it possible to send alerts to both a remote Syslog server and a remote
> ACID console? I can do one or the other, but if I specify the -s switch in
> the command line, it overrides the output plug-in for MySQL in the config
> file. The config file does not seem to allow you to specify a remote Syslog
> server. I suppose I could set up a local Syslog server and have it forward
> stuff to the remote daemon but I'd like to avoid that complication if
> possible.
>
> Ian Parker, GCWN
>
> Senior Systems Analyst
> Upgrading Plant Computing
> Syncrude Canada Ltd
>
> (780)790-4631
> parker.ian () syncrude com

=====
-----------------------------------------------------------
Heavy metal made me do it.
-----------------------------------------------------------

--__--__--

End of Snort-users Digest
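An added illustration of the exchange in Message 2 (not code from the thread or from the Snort project): a process writes through the file handle it opened at startup, so renaming the log under it moves the name but not the writes, which is consistent with Snort writing to alert.old and with the stop, move, restart sequence working. File descriptor 3 of the shell is an assumed stand-in for Snort's open log file, and the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration: file descriptor 3 of this shell stands in for the log
# handle a running Snort process holds. The directories are throwaway temp
# dirs (constructed); nothing under /var/log/snort is touched.

# Number of lines in a file, without padding.
count() { wc -l < "$1" | tr -d ' '; }

# Symptom from Message 2: rename the live log and create an empty replacement
# while the writer still has the file open.
# Prints "<lines in alert.old> <lines in alert>".
rotate_while_running() {
    dir=$1
    exec 3>>"$dir/alert"               # writer opens its log once, at startup
    echo "alert before rotation" >&3
    mv "$dir/alert" "$dir/alert.old"   # rename changes the name, not the open file
    : > "$dir/alert"                   # the new empty file is a different inode
    echo "alert after rotation" >&3    # still lands in alert.old
    exec 3>&-
    echo "$(count "$dir/alert.old") $(count "$dir/alert")"
}

# Sequence from the reply: stop the writer, move the file out, restart.
# Prints "<lines in alert.old> <lines in alert>".
rotate_after_stop() {
    dir=$1
    exec 3>>"$dir/alert"
    echo "alert before rotation" >&3
    exec 3>&-                          # stop: the open handle is released
    mv "$dir/alert" "$dir/alert.old"
    exec 3>>"$dir/alert"               # restart: the absent file is created anew
    echo "alert after rotation" >&3
    exec 3>&-
    echo "$(count "$dir/alert.old") $(count "$dir/alert")"
}

# Run both sequences in fresh temp directories and show where the lines went.
demo() {
    d1=$(mktemp -d) && d2=$(mktemp -d) || return 1
    echo "renamed while running:     $(rotate_while_running "$d1")"
    echo "stopped, moved, restarted: $(rotate_after_stop "$d2")"
    rm -rf "$d1" "$d2"
}
demo
```

In the first sequence both lines end up in alert.old and the new alert file stays empty; in the second, each file receives one line.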
Current thread:
- Snort/Log report software Zolla Zimmerman (Nov 01)
- <Possible follow-ups>
- RE: Snort/Log report software Ibarra, Michael (Nov 01)
- RE: Snort/Log report software Matt Yackley (Nov 01)
- RE: Snort/Log report software Michael Steele (Nov 03)
- RE: Snort/Log report software Michael Steele (Nov 03)
- Re: RE: Snort/Log report software tazmaniak tazmaniak (Nov 05)