Snort mailing list archives

RE: Syslog on W2K


From: "Blake Fithen" <fithen () networksplus net>
Date: Wed, 12 Jun 2002 22:31:56 -0500

http://www.cls.de/Default.asp

works well but randomly inserts a fixed string in syslog output in
the freeware version.

--
blake

  -----Original Message-----
  From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Steven Williams
  Sent: Wednesday, June 12, 2002 6:13 PM
  To: 'Michael Steele'; Steven Williams
  Cc: snort-users () lists sourceforge net
  Subject: RE: [Snort-users] Syslog on W2K


  Hi Michael,



  So do I need to set up a syslog server on the sensor itself, and then
either use that for logging, or forward syslogs to my main syslog server?



  I don't know of any good freeware ones as I use Kiwi myself.



  Thanks



  Steve



  -----Original Message-----
  From: Michael Steele [mailto:michaels () silicondefense com]
  Sent: Thursday, June 13, 2002 9:11 AM
  To: 'Steven Williams'
  Cc: snort-users () lists sourceforge net
  Subject: RE: [Snort-users] Syslog on W2K



  Steve,



  That won't work. You are going to have to use a 3rd party Syslog Server
like Kiwi Syslog Daemon, which will do everything you need, including
emailing alerts, but is not freeware.



  If you find anything else on the freeware side, could you let me know? I
have a list of people looking for a freeware utility for emailing alerts on
Windows.



  http://www.kiwisyslog.com/

  -Michael
  --
   Michael Steele | System Engineer / Support Technician
   mailto:michaels () silicondefense com
   Silicon Defense: IDS solutions - http://www.silicondefense.com
   Snort: Open Source Network IDS - http://www.snort.org



  -----Original Message-----
  From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Steven
Williams
  Sent: Tuesday, June 11, 2002 8:57 PM
  To: 'snort-users () lists sourceforge net'
  Subject: [Snort-users] Syslog on W2K



  Hi,



  I am using snort 1.8.6 on W2K.



  I wish to log to the mysql database, but also log to a syslog server using
the commands below:



  output alert_syslog: LOG_AUTH LOG_ALERT host=X.X.X.X

  output database: alert, mysql, user=username dbname=database sensor_name=sensor1 password=password host=X.X.X.X



  When I run snort, I get a warning message stating "Unrecognized syslog
facility/priority: host=X.X.X.X"



  Has anyone successfully got snort to syslog to a remote syslog server? If
so, can you let me know how you did it?



  Also, has anyone got anything like Swatch on a W32 machine to report from
Syslog Files?



  Thanks



  Steve





  Steve Williams

  Communications Support Engineer

  Computershare Technology Services



  PH +61 3 92355651

  FAX +61 3 94732409

  www.computershare.com





  ---
  This email and any files transmitted with it are solely intended for the
use of the
  addressee(s) and may contain information that is confidential and
privileged. If you
  receive this email in error, please advise us by return email immediately.
Please also
  disregard the contents of the email, delete it and destroy any copies
immediately.
  Computershare Limited and its subsidiaries do not accept liability for the
views
  expressed in the email or for the consequences of any computer viruses
that may be
  transmitted with this email

  This email is also subject to copyright. No part of it should be
reproduced, adapted or
  transmitted without the written consent of the copyright owner.




