Snort mailing list archives
Re: Output Snort3
From: Y M via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 20 Apr 2020 15:35:28 +0000
Hello Ekrem,
From Snort 3 help:
# snort --help-module alert_syslog

alert_syslog
What: output event to syslog
Type: logger
Usage: global

Configuration:

enum alert_syslog.facility = auth: part of priority applied to each message
{ auth | authpriv | daemon | user | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 }

enum alert_syslog.level = info: part of priority applied to each message
{ emerg | alert | crit | err | warning | notice | info | debug }

multi alert_syslog.options: used to open the syslog connection
{ cons | ndelay | perror | pid }

Example configuration in snort.lua (the option is named facility, and enum values are Lua strings):

alert_syslog = { facility = 'local7', level = 'info' }

Example rule:

alert tcp any any -> any any ( msg:"Sample Dummy Alert"; sid:1000000; rev:1; )

Output:

# tail -f /var/log/messages
Apr 20 18:26:08 snort3 snort[13337]: [1:1000000:1] "Sample Dummy Alert" {TCP} 192.168.0.1:14685 -> 173.37.145.84:25
Apr 20 18:26:08 snort3 snort[13337]: [1:1000000:1] "Sample Dummy Alert" {TCP} 192.168.0.1:9208 -> 173.37.145.84:80
Apr 20 18:26:08 snort3 snort[13337]: [1:1000000:1] "Sample Dummy Alert" {TCP} 173.37.145.84:25 -> 192.168.0.1:14685
Apr 20 18:26:08 snort3 snort[13337]: [1:1000000:1] "Sample Dummy Alert" {TCP} 173.37.145.84:80 -> 192.168.0.1:9208
Apr 20 18:26:08 snort3 snort[13337]: [1:1000000:1] "Sample Dummy Alert" {TCP} 192.168.0.1:14685 -> 173.37.145.84:25
Apr 20 18:26:08 snort3 snort[13337]: [1:1000000:1] "Sample Dummy Alert" {TCP} 192.168.0.1:9208 -> 173.37.145.84:80

The snort-sigs list is intended for signatures. General operational questions can be sent to snort-users.

Thank you.
YM
________________________________
From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Ekrem AYDIN <Ekrem.AYDIN () arhs-cube com>
Sent: Friday, April 17, 2020 3:40 PM
To: snort-sigs () lists snort org <snort-sigs () lists snort org>
Subject: [Snort-sigs] Output Snort3

Hello,

How do I configure the alert_syslog output on Snort 3, please? A log file is required in order to use Zabbix.
Regards,
Ekrem AYDIN
IT Trainee
Email : ekrem.aydin () arhs-cube com
13, Boulevard du Jazz L-4370 Belvaux
www.arhs-cube.com
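Once alert_syslog writes lines in the format shown above, whatever reads the log file for Zabbix has to pull the rule id, message, protocol and endpoints back out of each line. The parser below is an added example, not code from the thread or from the Snort project; the line layout it assumes is derived from the sample output in the reply, and the optional-port handling for ICMP and the sample lines are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Layout of one alert_syslog record after the syslog header, as seen in the
# sample output:  snort[PID]: [gid:sid:rev] "msg" {PROTO} src:sport -> dst:dport
# Ports are optional because ICMP alerts carry none (assumption, IPv4 only).
ALERT_RE = re.compile(
    r'snort\[(?P<pid>\d+)\]: '
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] '
    r'"(?P<msg>[^"]*)" '
    r'\{(?P<proto>[A-Za-z0-9]+)\} '
    r'(?P<src>[0-9.]+)(?::(?P<sport>\d+))? -> '
    r'(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$'
)

@dataclass(frozen=True)
class Alert:
    gid: int
    sid: int
    rev: int
    msg: str
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]

def parse_alert(line: str) -> Optional[Alert]:
    """Return the Alert encoded in one syslog line, or None for non-Snort lines."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    port = lambda s: int(s) if s is not None else None
    return Alert(int(m['gid']), int(m['sid']), int(m['rev']), m['msg'], m['proto'],
                 m['src'], port(m['sport']), m['dst'], port(m['dport']))

def parse_log(lines: Iterable[str]) -> List[Alert]:
    """Parse a whole log; unrelated syslog lines are skipped rather than raising."""
    return [a for a in map(parse_alert, lines) if a is not None]

def count_by_sid(alerts: Iterable[Alert]) -> dict:
    """Tally alerts per (gid, sid): the kind of value a Zabbix trigger keys on."""
    counts: dict = {}
    for a in alerts:
        counts[(a.gid, a.sid)] = counts.get((a.gid, a.sid), 0) + 1
    return counts

# Constructed sample: two lines from the reply, one ICMP alert, one unrelated line.
SAMPLE_LINES = [
    'Apr 20 18:26:08 snort3 snort[13337]: [1:1000000:1] "Sample Dummy Alert" {TCP} 192.168.0.1:14685 -> 173.37.145.84:25',
    'Apr 20 18:26:08 snort3 snort[13337]: [1:1000000:1] "Sample Dummy Alert" {TCP} 173.37.145.84:80 -> 192.168.0.1:9208',
    'Apr 20 18:26:09 snort3 snort[13337]: [1:2000001:3] "Constructed ICMP Alert" {ICMP} 10.0.0.5 -> 10.0.0.9',
    'Apr 20 18:26:09 snort3 sshd[4242]: Accepted publickey for ops from 10.0.0.2 port 55100',
]
```

The same regex applies to whatever file the configured facility is routed to by the host's syslog daemon, not only /var/log/messages.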