Snort mailing list archives

Re: Snort and multiple logging


From: Mike Kun <mkun () akamai com>
Date: Wed, 06 Oct 2010 08:52:14 -0400

On 10/06/2010 07:38 AM, egoitz () ramattack net wrote:
Hello all,

I would like to know if I can configure snort to output logs to a remote
syslog and simultaneously to a mysql database. The reason for doing this
this way is for using ACID (that reads from mysql and works in realtime)
and for ossec active responses which require logs to be in a log file...
So as I plan to have several snort servers for sharing the load (each
snort scanning each switch traffic) I'm planning to log all snort servers
to a remote syslog (whose file is going to be scanned constantly by ossec
and executing active responses) and simultaneously to mysql in order for
acid to be able to display ids collected data in realtime.


Could this be possible, mates?? To log simultaneously to remote syslog and
to mysql??... Or is there any other advisable way of achieving this goal??

Thanks a lot.
Bye!


------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
  
I believe that Barnyard2 will allow you to send Snort output to multiple
sources and I know that both mysql and syslog are supported. Should just
be a matter of configuring Snort to write to unified2 and setting up the
barnyard2.conf file to output both mysql and syslog.


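The setup suggested in the reply above, sketched as an added example that is not part of the original thread or the Snort/Barnyard2 distributions. File paths, the database credentials and both host names are placeholders, and the remote forwarding is done by the sensor's own syslog daemon, which is an assumption about the deployment:

```conf
# --- snort.conf (on each sensor) ---
# Write binary unified2 only; Barnyard2 does the slow output work.
# File name and size limit (MB) are example values.
output unified2: filename snort.u2, limit 128

# --- barnyard2.conf (on each sensor) ---
# Map files so alerts carry rule messages and classifications.
config reference_file: /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file: /etc/snort/gen-msg.map
config sid_file: /etc/snort/sid-msg.map
# Bookmark file so a restart does not replay old events.
config waldo_file: /var/log/snort/barnyard2.waldo

input unified2

# Output 1: alerts to the local syslog daemon (facility auth, priority alert).
output alert_syslog: LOG_AUTH LOG_ALERT

# Output 2: events to MySQL for ACID. Credentials and host are placeholders.
# Keep this file readable only by the account that runs barnyard2.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=db.example.net

# --- /etc/syslog.conf (on each sensor) ---
# Forward the alerts to the central log host whose file OSSEC monitors.
# loghost.example.net is a placeholder. Classic "@host" forwarding is
# plain UDP: unauthenticated, unencrypted and lossy under load.
auth.alert	@loghost.example.net

# --- Start Barnyard2 against the directory Snort writes to ---
# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 \
#           -w /var/log/snort/barnyard2.waldo
```

Because every sensor forwards to the same log host and database, give each sensor a distinct hostname so the alerts stay attributable in both the syslog file and ACID.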

