Snort mailing list archives
Re: Barnyard2 conf syntax for syslog
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Fri, 04 Sep 2009 18:58:07 +0000
Try this:

Syslog Format
# Examples:
# output alert_syslog
# output alert_syslog: host=192.168.10.1
# output alert_syslog: host=sysserver.com:1001
# output alert_syslog: LOG_AUTH LOG_INFO

output alert_syslog: host=1.1.1.1 LOG_AUTH LOG_ALERT

The semi-colon is required. That's why it's in the examples.

--On Friday, September 04, 2009 13:00:40 -0500 "Jefferson, Shawn" <Shawn.Jefferson () bcferries com> wrote:

No, unfortunately they aren't. It seems that you should be able to do:

output alert_syslog host=1.1.1.1, LOG_AUTH LOG_ALERT

but that doesn't work and throws an error in the daemon logs.

-----Original Message-----
From: Paul Schmehl [mailto:pschmehl_lists () tx rr com]
Sent: Friday, September 04, 2009 10:41 AM
To: Jefferson, Shawn; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Barnyard2 conf syntax for syslog

--On Friday, September 04, 2009 12:00:49 -0500 "Jefferson, Shawn" <Shawn.Jefferson () bcferries com> wrote:

I know the devs for barnyard2 frequent the list and lots of people are using it here. I'm having a problem specifying the hostname for syslog along with the severity and facility. I keep getting errors that the severity/facility is unknown (in the daemon.log - when testing with -T it would be nice to see these messages on the console.) What's the syntax for doing this with barnyard2?

With barnyard 0.20, I was doing this:

output alert_syslog2: severity: ALERT; syslog_host: 1.1.1.1;

Are the examples in the conf file not working for you?

Common Event Format
# Examples:
# output alert_cef
# output alert_cef: host=192.168.10.1
# output alert_cef: host=sysserver.com:1001
# output alert_cef: LOG_AUTH LOG_INFO

Syslog Format
# Examples:
# output alert_syslog
# output alert_syslog: host=192.168.10.1
# output alert_syslog: host=sysserver.com:1001
# output alert_syslog: LOG_AUTH LOG_INFO

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson
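A small lint for the two directive forms discussed in this thread, added here as an example and not code from barnyard2 or from anyone on the list: it accepts the colon-plus-space syntax of the stock barnyard2.conf examples and rejects the comma form that fails in the daemon log, so a config can be checked before the daemon is restarted. The LOG_* name sets are an assumption based on the standard syslog facility and priority names, and the sample config is constructed.

```python
import re

# Standard syslog names (assumption: barnyard2 accepts the usual LOG_* spellings).
FACILITIES = {"LOG_AUTH", "LOG_AUTHPRIV", "LOG_CRON", "LOG_DAEMON", "LOG_FTP",
              "LOG_KERN", "LOG_LPR", "LOG_MAIL", "LOG_NEWS", "LOG_SYSLOG",
              "LOG_USER", "LOG_UUCP"} | {f"LOG_LOCAL{i}" for i in range(8)}
PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR", "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}
DIRECTIVE_RE = re.compile(r"^output\s+alert_syslog(:)?(?:\s+(.*))?$")
HOST_RE = re.compile(r"^host=([A-Za-z0-9.\-]+)(?::(\d+))?$")

def check_alert_syslog(line):
    """Validate one 'output alert_syslog' line against the stock barnyard2.conf syntax."""
    m = DIRECTIVE_RE.match(line.split("#", 1)[0].strip())
    if not m:
        return False, "not a valid 'output alert_syslog' directive", None
    colon, args = m.group(1), m.group(2)
    if not args:                       # bare 'output alert_syslog' uses the defaults
        return True, "ok (defaults)", {}
    if not colon:                      # 'output alert_syslog host=...' (no colon)
        return False, "missing ':' after 'output alert_syslog'", None
    if "," in args:                    # 'host=1.1.1.1, LOG_AUTH' (comma-separated)
        return False, "arguments are separated by spaces, not commas", None
    parsed = {}
    for tok in args.split():
        h = HOST_RE.match(tok)
        if h:                          # host=NAME or host=NAME:PORT
            parsed["host"] = h.group(1)
            if h.group(2) is not None:
                parsed["port"] = int(h.group(2))
                if not 1 <= parsed["port"] <= 65535:
                    return False, f"port {parsed['port']} out of range", None
        elif tok in FACILITIES:
            parsed["facility"] = tok
        elif tok in PRIORITIES:
            parsed["priority"] = tok
        else:
            return False, f"unknown facility/priority or argument: {tok}", None
    return True, "ok", parsed

def lint_config(text):
    """Return [(line_no, message)] for each bad 'output alert_syslog' line in a config."""
    checked = [(n, check_alert_syslog(raw)) for n, raw in enumerate(text.splitlines(), 1)
               if raw.split("#", 1)[0].strip().startswith("output alert_syslog")]
    return [(n, msg) for n, (ok, msg, _) in checked if not ok]

# Constructed sample: a commented example, the working form, and the form that fails.
SAMPLE_CONF = """# output alert_syslog: LOG_AUTH LOG_INFO
output alert_syslog: host=1.1.1.1 LOG_AUTH LOG_ALERT
output alert_syslog host=1.1.1.1, LOG_AUTH LOG_ALERT
"""
```

Run `lint_config(open("barnyard2.conf").read())` against a real config to list the offending line numbers and reasons, which the -T test mode in the thread does not print.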