Snort mailing list archives
Re: Question about Syslog
From: Martin Holste <mcholste () gmail com>
Date: Fri, 20 Apr 2012 12:02:14 -0500
Your options for running syslog on Windows are limited and non-free. Have you considered running a completely free VirtualBox instance of another OS? Otherwise, I'd recommend Splunk personal edition, which runs on Windows.

On Thu, Apr 19, 2012 at 2:52 PM, Craft, Robert <Robert.Craft () atlanticare org> wrote:

Warning, I’m not an expert or even good at this.

This is the way I set up the one I’m running:

output alert_syslog: host=localhost:514, LOG_AUTH LOG_ALERT

(that host= entry seems to be it)

and the command line via .bat

c:\snort\bin\snort -i 2 -s -l c:\snort\log\ -c c:\snort\etc\snort.conf

SysLogServer might have some useful features, I’ve not tried it yet.

www.brothersoft.com/downloads/syslog-server.html
ftp://ftp.heanet.ie/disk1/sourceforge/s/project/sy/syslog-server/syslog-server/1.2.x/Help.pdf

________________________________
From: Bo [mailto:bo.sun () aurenav com]
Sent: Wednesday, April 18, 2012 8:39 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Question about Syslog

Hi, everyone!

I have installed Snort on my Windows system, but I want to ask two questions related to syslog.

Firstly, I really encounter a problem when I want my Snort output log into kiwisyslog. My configuration for syslog in snort.conf is:

output alert_syslog: host=127.0.0:514, LOG_AUTH LOG_ALERT

And my command to start Snort is:

C:\Snort\bin\snort -i4 -s -l c:\snort\log\ -c c:\snort\etc\snort.conf

But there is no log file into kiwisyslog. Could you help me point out what's wrong with the configuration or what the problem may be?

Secondly, I really want to know if there are other syslog servers apart from Kiwi Syslog server that I can use in order to remotely monitor a network, and if there are performance issues for each one of them that I should consider for my choice, e.g. if one provides quicker alerts, uses a lot of memory, etc.

p.s. Windows 7 or Windows XP system.

Thank you for your time so much!! Looking forward to your reply!

Thanks & Regards,
Bo

------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
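A troubleshooting aid added to this archive page, not part of any message in the thread: a minimal UDP listener that shows whether anything reaches 127.0.0.1:514 and decodes the syslog `<PRI>` prefix, which for the LOG_AUTH LOG_ALERT setting quoted above is 4*8+1 = 33. It assumes Snort's `host=` output sends standard UDP syslog datagrams; the function names and the sample alert are constructed for illustration, and the port must be free (stop the syslog server first).

```python
import re
import socket

# Syslog facility/severity names by numeric code (PRI = facility * 8 + severity).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)

def decode(datagram):
    """Return (facility, severity, text), or None if there is no valid <PRI>."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    text = m.group(2).decode("utf-8", "replace").strip()
    return FACILITIES[facility], SEVERITIES[severity], text

def open_listener(host="127.0.0.1", port=514, timeout=30.0):
    """Bind a UDP socket; raises OSError if a syslog server already holds the port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.bind((host, port))
    return sock

def receive_one(sock):
    """Wait for one datagram; return (sender, decoded) or None on timeout."""
    try:
        data, sender = sock.recvfrom(4096)
    except socket.timeout:
        return None
    return sender, decode(data)

# Constructed sample in the shape of a Snort syslog alert (not captured traffic).
SAMPLE = (b"<33>snort: [1:1000001:1] Constructed test alert "
          b"{TCP} 192.0.2.10:4444 -> 192.0.2.20:80")

if __name__ == "__main__":
    print("sample decodes to:", decode(SAMPLE))
    with open_listener() as s:
        got = receive_one(s)
    if got is None:
        print("nothing arrived on 127.0.0.1:514 within the timeout")
    else:
        print("from %s:%d" % got[0], "->", got[1])
```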
Current thread:
- Question about Syslog Bo (Apr 18)
- Re: Question about Syslog Craft, Robert (Apr 20)
- Re: Question about Syslog Martin Holste (Apr 20)
- Re: Question about Syslog Craft, Robert (Apr 20)