IDS mailing list archives

Re: Naming sensors via syslog with snort?


From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Fri, 10 Oct 2003 13:41:34 +1000

Hi James,

"I'm not too sure that I'm understanding correctly, but from what I gather you're thinking of starting multiple snort instances from 1 config file, whereas you should be using 1 config file per node so you can properly control each config. As such, the single line sensor_name= will suffice."

http://archives.neohapsis.com/archives/snort/2002-09/0315.html

cheers


Ivan Coric
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

"James Hunter" <jhunter () dotprofile net> 10/10/03 10:58am >>>
Is there a way to "name" the sensors when using syslog and snort?
I'm using Snortcenter w/acid, etc... as the manager and the
snortcenter agent on another machine.  I log everything back to the
main snortcenter box via syslog to one file but they all just give the
hostname.


James Hunter
303-726-7067
jhunter () dotprofile net 



---------------------------------------------------------------------------
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to: 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Precisely Define and Implement Network Security & Performance Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo 
http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101 
---------------------------------------------------------------------------










