Snort mailing list archives
Re: [barnyard2-users] Logging to the Windows event log
From: "Michael Steele" <michaels () winsnort com>
Date: Wed, 30 Jan 2013 21:29:08 -0500
Rich,

Yes, that logs events to the Application log in Windows, but Barnyard2 fails to process events to the database? If I remove the -E switch Barnyard2 processes events to the database. It appears that selecting the -E switch disables all other logging mechanisms?

Best regards,
Michael...
-----Original Message-----
From: barnyard2-users () googlegroups com [mailto:barnyard2-users () googlegroups com] On Behalf Of Rich Rumble
Sent: Wednesday, January 30, 2013 8:43 PM
To: barnyard2-users () googlegroups com
Subject: Re: [barnyard2-users] Logging to the Windows event log

On Wed, Jan 30, 2013 at 8:32 PM, Rich Rumble <richrumble () gmail com> wrote:
> On Wed, Jan 30, 2013 at 8:25 PM, Michael Steele <michaels () winsnort com> wrote:
>> Snort used to log events to the Event Viewer under Application log, but apparently that function no longer works. Using the below in the snort.conf used to work:
>> output alert_syslog: LOG_AUTH LOG_ALERT
>
> Again this was a command line switch in snort not a CONF setting, I've looked at the source and change logs, it should still be present from what I can tell, try the "-E" option: http://flylib.com/books/en/2.12.1.51/1/

Just downloaded the latest (http://s3.amazonaws.com/snort-org/www/snort-current/20121129/Snort_2_9_4_Installer.exe)

C:\Snort\bin>snort --help

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.4-WIN32 GRE (Build 40)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using PCRE version: 8.10 2010-06-25
           Using ZLIB version: 1.2.3

USAGE: snort [-options] <filter options>
       snort /SERVICE /INSTALL [-options] <filter options>
       snort /SERVICE /UNINSTALL
       snort /SERVICE /SHOW
Options:
        -A         Set alert mode: fast, full, console, test or none (alert file alerts only)
        -b         Log packets in tcpdump format (much faster!)
        -B <mask>  Obfuscated IP addresses in alerts and packet dumps using CIDR mask
        -c <rules> Use Rules File <rules>
        -C         Print out payloads with character data only (no hex)
        -d         Dump the Application Layer
        -e         Display the second layer header info
        -E         Log alert messages to NT Eventlog. (Win32 only) <------------------------------------------------------------------

I haven't had time to try it though...
-rich
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users
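A check a practitioner would want before drawing conclusions from the exchange above: confirm, on the Windows sensor itself, where alerts are actually landing after toggling -E. The script below is an added example and is not code from the thread, from Snort or from Barnyard2. It assumes (neither is stated on the page) that Snort's Event Viewer entries carry a provider name containing "Snort", and that Barnyard2 is fed from a unified2 spool under C:\Snort\log with file names matching snort.log.*; adjust both to match the sensor.

```powershell
# Added example (not from the thread). Compare the two alert paths discussed:
#   1. the Application log written by "snort -E"
#   2. the unified2 spool that Barnyard2 reads for its database output
# Assumptions: provider name contains "Snort"; spool dir/glob below are guesses.
param(
    [string]$SpoolDir  = 'C:\Snort\log',   # assumption: where unified2 files are written
    [string]$SpoolGlob = 'snort.log.*',    # assumption: unified2 file name pattern
    [int]$Minutes      = 10                # look-back window
)

$since = (Get-Date).AddMinutes(-$Minutes)

# 1. Events that reached the Application log (the -E path).
$evt = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $since } `
                    -ErrorAction SilentlyContinue |
       Where-Object { $_.ProviderName -like '*snort*' }   # assumption: provider name
"Application log: $(@($evt).Count) Snort event(s) since $since"
$evt | Select-Object -First 3 TimeCreated, Id, Message | Format-List

# 2. Whether the unified2 spool is still being written (what Barnyard2 consumes).
$spool = Get-ChildItem -Path $SpoolDir -Filter $SpoolGlob -ErrorAction SilentlyContinue |
         Sort-Object LastWriteTime -Descending
if (-not $spool) {
    "Unified2 spool: no files matching $SpoolGlob in $SpoolDir"
} else {
    $newest = $spool[0]
    "Unified2 spool: newest file $($newest.Name), $($newest.Length) bytes, last written $($newest.LastWriteTime)"
    if ($newest.LastWriteTime -lt $since) {
        "WARNING: spool not written in the last $Minutes minute(s); Barnyard2 has nothing new to process"
    }
}
```

Run it once with -E on the Snort command line and once without, generating a known test alert each time; if the Application log fills while the spool's last-write time stops advancing, the problem is on the Snort output side rather than in Barnyard2's database output.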
Current thread:
- Re: [barnyard2-users] Logging to the Windows event log Michael Steele (Jan 30)
- Re: [barnyard2-users] Logging to the Windows event log Michael Steele (Jan 30)