Snort mailing list archives

Re: can snort decode syslog traffic and feed that traffic into logsnorter


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Tue, 4 Dec 2001 16:28:41 +1300

On Mon, Dec 03, 2001 at 05:28:54PM +0000, Raymond Jacob wrote:
> The only part I was not aware of was snort's ability to capture syslog
> traffic and output that traffic into a syslog messages file? Has
> anyone written a plugin, if that

I think what you're really after is passlogd

That is a "passive" syslog server that reports *ALL* syslog events it sees
go past. Works well.

As you say, just configure your hosts to log to a non-existent address that
lies next to where passlogd is running, and it'll catch everything.

Check out http://freshmeat.net/projects/passlogd

-- 
Cheers

Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
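
An added illustration, not part of the message above and not passlogd's own code: a sketch of what a passive syslog listener does with each captured frame, picking out UDP port 514 datagrams whatever their destination address and decoding the priority field. The frame builder, addresses and log line are constructed sample input, and how frames get captured is outside the example.

```python
import struct

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

def parse_frame(frame):
    """Return (src, dst, facility, severity, text) for a syslog datagram, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        return None                      # too short, or not Ethernet II + IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or len(ip) < ihl + 8:
        return None                      # not a well-formed IPv4/UDP packet
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None                      # non-first fragment: no UDP header here
    _sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
    if dport != 514 or ulen < 8:
        return None
    # The destination address is never compared with a local one: passive capture.
    src, dst = (".".join(map(str, ip[o:o + 4])) for o in (12, 16))
    text = ip[ihl + 8:ihl + ulen].decode("ascii", "replace")
    facility = severity = None
    end = text.find(">")
    if text.startswith("<") and 2 <= end <= 4 and text[1:end].isdigit():
        pri = int(text[1:end])
        if pri <= 191:                   # 24 facilities * 8 severities
            facility, severity = FACILITIES[pri >> 3], SEVERITIES[pri & 7]
            text = text[end + 1:]
    return src, dst, facility, severity, text

def build_frame(src, dst, msg, dport=514):
    """Constructed test input: Ethernet + IPv4 + UDP, checksums left at zero."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(msg), 0) + msg
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x02\x00\x00\x00\x00\x02\x02\x00\x00\x00\x00\x01\x08\x00" + ip + udp

# Constructed sample: a host logging to 192.0.2.250, an address nothing answers on.
SAMPLE = build_frame("192.0.2.10", "192.0.2.250",
                     b"<38>Dec  4 16:28:41 web1 sshd[411]: session opened for admin")

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
```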
