Re: Naming the Sensors in a multiple interface sensor

["James Hunter" <jhunter () dotprofile net>]

That is true it is the syslog I'm having problems with.



> On Thu, 9 Oct 2003, Marc Quibell wrote:
>
> > In Snort.conf, in the "output database:" line, there should be or you
> > can add "sensor_name=[name]" at the end of the line...
>
> Right.  That would work great if he were dealing with a DB.  Instead
> he's dealing with syslog.
>
> > > Message: 8
> > > Date: Thu, 9 Oct 2003 11:13:29 -0600 (MDT)
> > > From: "James Hunter" <jhunter () dotprofile net>
> > > To: <snort-users () lists sourceforge net>
> > > Subject: [Snort-users] Naming the Sensors in a multiple interface
> > sensor
> >
> > > Is there a way to "name" the sensors when using syslog and snort?
> > I'm using Snortcenter w/acid, etc... as the manager and the
> > snortcenter agent on another machine.  I log everything back to the
> > main snortcenter box to one file but they all just give the hostname.
>
> How about:
>
>       hostname snort-sensor1
>
> :)
>
> Sadly there's no real way to do that.  It's all dependant on the syslog
> implementation of your box.
>
> Cheers!
>
> -----
> Erek Adams
>
>    "When things get weird, the weird turn pro."   H.S. Thompson


James Hunter
303-726-7067
jhunter () dotprofile net




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users