Snort mailing list archives
Re: snort syslog to siem
From: kinomakino <kinomakino () hotmail com>
Date: Thu, 28 Aug 2014 21:03:05 +0200
The *** is only for security purposes xD. I have this done; in my rsyslog I accept all for the Snort server IP. Thanks!!!

_____

From: Y M [mailto:snort () outlook com]
Sent: Thursday, 28 August 2014 21:03
To: kinomakino
CC: snort-users
Subject: RE: [Snort-users] snort syslog to siem

From: kinomakino () hotmail com
To: snort-users () lists sourceforge net
Date: Thu, 28 Aug 2014 20:47:34 +0200
Subject: [Snort-users] snort syslog to siem

Thanks for your help as always. I am configuring syslog for sending Snort alerts to a SIEM (OSSIM). I have this set up in snort:

output alert_syslog: host=*********:514, LOG_AUTH LOG_ALERT

# Replace "*********" above with the remote syslog server that is to receive the logs. The remote syslog server needs to be configured to receive those logs. If you use Barnyard2, let it handle sending the logs instead of Snort.

This way I export the logs to the local syslog, to /var/log/messages. Any idea how to properly configure the sending of syslog from Snort to rsyslog on other systems? Thank you!!!

------------------------------------------------------------------------------
Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
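A receiver-side check for the setup discussed in this thread, as an added example that is not part of the original messages: it accepts datagrams only from the Snort sensor's address, confirms that the syslog PRI matches `LOG_AUTH LOG_ALERT` (4*8+1 = 33), and splits the alert into fields a SIEM can index. The alert line layout, the function name `parse_snort_syslog`, the addresses and the SID are assumptions made for illustration.

```python
import re

LOG_AUTH, LOG_ALERT = 4, 1                # codes from <syslog.h>
EXPECTED_PRI = LOG_AUTH * 8 + LOG_ALERT   # 33: what "LOG_AUTH LOG_ALERT" yields

# Assumed line layout: <PRI>timestamp host snort[pid]: [gid:sid:rev] msg
# [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>.*?snort(?:\[\d+\])?:\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]:?\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_snort_syslog(datagram, sender_ip, allowed_senders):
    """Return alert fields as a dict, or None when the datagram is dropped."""
    if sender_ip not in allowed_senders:      # accept only the Snort sensor
        return None
    m = ALERT_RE.match(datagram.strip())
    if m is None:                             # not a Snort alert line
        return None
    pri = int(m.group("pri"))
    if pri > 191:                             # outside the valid PRI range
        return None
    alert = m.groupdict()
    alert.update(facility=pri >> 3, severity=pri & 7,
                 pri_matches_config=(pri == EXPECTED_PRI))
    return alert

# Constructed sample data (documentation addresses, made-up SID).
SENSORS = {"192.0.2.5"}
GOOD = ("<33>Aug 28 21:03:05 sensor snort[2211]: [1:1000001:1] TEST web probe "
        "[Classification: Misc activity] [Priority: 3] {TCP} "
        "192.0.2.10:51512 -> 192.0.2.20:80")
WRONG_PRI = GOOD.replace("<33>", "<13>", 1)   # user.notice instead of auth.alert

if __name__ == "__main__":
    for line, ip in ((GOOD, "192.0.2.5"), (WRONG_PRI, "192.0.2.5"),
                     (GOOD, "198.51.100.9")):
        print(ip, parse_snort_syslog(line, ip, SENSORS))
```

A line that parses but reports `pri_matches_config` as false points to a facility or priority on the sensor that differs from the `LOG_AUTH LOG_ALERT` setting, which matters when the SIEM routes on facility.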
Current thread:
- snort syslog to siem kinomakino (Aug 28)
- Re: snort syslog to siem Y M (Aug 28)
- Re: snort syslog to siem kinomakino (Aug 28)
- Re: snort syslog to siem Y M (Aug 28)