Snort mailing list archives
RE: Snort Syslog Alerts on Win32
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Fri, 3 Jan 2003 18:28:46 -0500
Unfortunately, there is no syslog daemon on the WinNT4 Snort box -- only on the other server. :{

I was hoping that, like Cisco and other network devices, I could direct the syslog messages from Snort to another server.

Christopher

-----Original Message-----
From: Bob McDowell [mailto:bmcdowell () coxhealthplans com]
Sent: Friday, January 03, 2003 6:27 PM
To: 'L. Christopher Luther'
Subject: RE: [Snort-users] Snort Syslog Alerts on Win32
Sensitivity: Confidential

I think you'd need to do this in your syslog daemon. You can make it easy on yourself by making snort log to 'Local1' if you'd like.

-----Original Message-----
From: L. Christopher Luther [mailto:cluther () xybernaut com]
Sent: Friday, January 03, 2003 5:02 PM
To: Snort-Users (E-mail)
Subject: [Snort-users] Snort Syslog Alerts on Win32
Sensitivity: Confidential

I would like to configure Snort (version 1.8.6 running on a WinNT4 box) to send Snort alerts to a syslog server on another WinNT4 box. The "output alert_syslog" is pretty straightforward, except I am not sure how to direct this output to another host??? The docs I have do not specify any "host=" option.

Sincerely,

L. Christopher Luther
Technical Consultant
Xybernaut Solutions, Inc.
(703) 654-3642
cluther () xybernaut com
http://www.xybernautsolutions.com
My PGP Public Key: http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88