Snort mailing list archives
Re: can snort decode syslog traffic and feed that traffic into logsnorter
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Tue, 4 Dec 2001 16:28:41 +1300
On Mon, Dec 03, 2001 at 05:28:54PM +0000, Raymond Jacob wrote:
> The only part I was not aware of was snort's ability to capture syslog traffic and output that traffic into a syslog messages file? Has anyone written a plugin, if that
I think what you're really after is passlogd.

That is a "passive" syslog server that reports *ALL* syslog events it sees go past. Works well. As you say, just configure your hosts to log to a non-existent address that lies next to where passlogd is running, and it'll catch everything.

Check out http://freshmeat.net/projects/passlogd

--
Cheers

Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377
Fax: +64 3 9635 417
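An added illustration, not part of the original post and not passlogd's code: a passive collector of the kind described above only has to pick UDP/514 datagrams out of sniffed frames and decode the syslog priority, whatever the destination address is. The function names, addresses and the sample frame are constructed for this example.

```python
import re
import struct

SYSLOG_PORT = 514
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_syslog_frame(frame: bytes):
    """Decode one sniffed Ethernet/IPv4/UDP frame; return None if it is not syslog."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                  # too short or not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                         # IP options make this vary
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or frag_offset or len(ip) < ihl + 8:
        return None                                  # not UDP, or no UDP header here
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    if dport != SYSLOG_PORT:
        return None
    payload = ip[ihl + 8:ihl + ulen]
    m = PRI_RE.match(payload)
    if m and int(m.group(1)) <= 191:                 # 23 facilities * 8 + 7
        pri, msg = int(m.group(1)), payload[m.end():]
    else:
        pri, msg = 13, payload                       # RFC 3164 default: user.notice
    return {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),        # need not be a live host
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "message": msg.decode("ascii", "replace").rstrip(),
    }

def build_frame(src: str, dst: str, dport: int, payload: bytes) -> bytes:
    """Constructed test input: minimal Ethernet/IPv4/UDP frame, checksums left zero."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00" + ip + udp

if __name__ == "__main__":
    frame = build_frame("192.0.2.10", "192.0.2.250", 514,
                        b"<38>Dec  4 16:28:41 host1 sshd[123]: Failed password for root\n")
    print(decode_syslog_frame(frame))
```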