Snort mailing list archives

Re: Syslog on W2K


From: "Scot Scot" <scotw () hotmail com>
Date: Thu, 13 Jun 2002 01:25:55 -0500

For stability I would recommend 3com's free syslog server for Windowz

http://support.3com.com/software/utilities_for_windows_32_bit.htm  <-- for a bunch of goodies

ftp://ftp.3com.com/pub/utilbin/win32/3CSyslog.zip  <-- for the syslog server

It runs great on 2K & XP
  ----- Original Message ----- 
  From: Blake Fithen 
  To: 'Steven Williams' ; 'Michael Steele' 
  Cc: snort-users () lists sourceforge net 
  Sent: Wednesday, June 12, 2002 10:31 PM
  Subject: RE: [Snort-users] Syslog on W2K


  http://www.cls.de/Default.asp

  works well but randomly inserts fixed string in syslog output in
  the freeware version.

  --
  blake

    -----Original Message-----
    From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Steven Williams
    Sent: Wednesday, June 12, 2002 6:13 PM
    To: 'Michael Steele'; Steven Williams
    Cc: snort-users () lists sourceforge net
    Subject: RE: [Snort-users] Syslog on W2K


    Hi Michael,

    So do I need to set up a syslog server on the sensor itself, and then either use that for logging, or forward syslogs to my main syslog server?

     

    I don't know of any good freeware ones as I use Kiwi myself.

     

    Thanks

     

    Steve

     

    -----Original Message-----
    From: Michael Steele [mailto:michaels () silicondefense com] 
    Sent: Thursday, June 13, 2002 9:11 AM
    To: 'Steven Williams'
    Cc: snort-users () lists sourceforge net
    Subject: RE: [Snort-users] Syslog on W2K

     

    Steve,

     

    That won't work. You are going to have to use a 3rd party Syslog Server like Kiwi Syslog Daemon which will do everything you need, including emailing alerts, but not freeware.

     

    If you find anything else on the freeware side, could you let me know? I have a list of people looking for a freeware utility for emailing alerts on Windows.

     

    http://www.kiwisyslog.com/

    -Michael
    --
     Michael Steele | System Engineer / Support Technician
     mailto:michaels () silicondefense com
     Silicon Defense: IDS solutions - http://www.silicondefense.com
     Snort: Open Source Network IDS - http://www.snort.org



    -----Original Message-----
    From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Steven Williams
    Sent: Tuesday, June 11, 2002 8:57 PM
    To: 'snort-users () lists sourceforge net'
    Subject: [Snort-users] Syslog on W2K

     

    Hi,

     

    I am using snort 1.8.6 on W2K.

     

    I wish to log to the mysql database, but also log to a syslog server using the commands below;

     

    output alert_syslog: LOG_AUTH LOG_ALERT host=X.X.X.X

    output database: alert, mysql, user=username dbname=database sensor_name=sensor1 password=password host=X.X.X.X

     

    When I run snort, I get a warning message stating "Unrecognized syslog facility/priority: host=X.X.X.X"

     

    Has anyone successfully got snort to syslog to a remote syslog server? If so, can you let me know how you did it?

     

    Also, has anyone got anything like Swatch on a W32 machine to report from Syslog Files?

     

    Thanks

     

    Steve

     

     

    Steve Williams

    Communications Support Engineer

    Computershare Technology Services

     

    PH +61 3 92355651

    FAX +61 3 94732409

    www.computershare.com

     



    ---
    This email and any files transmitted with it are solely intended for the use of the
    addressee(s) and may contain information that is confidential and privileged. If you
    receive this email in error, please advise us by return email immediately. Please also
    disregard the contents of the email, delete it and destroy any copies immediately.
    Computershare Limited and its subsidiaries do not accept liability for the views
    expressed in the email or for the consequences of any computer viruses that may be
    transmitted with this email

    This email is also subject to copyright. No part of it should be reproduced, adapted or 
    transmitted without the written consent of the copyright owner.



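Added example, not part of the original thread or of Snort: a Swatch-style filter for the receiving side of the setup discussed above. It decodes the syslog PRI value (LOG_AUTH with LOG_ALERT arrives as 33), keeps only snort-tagged records, and builds a mail notification for those matching a watch pattern. The sample datagrams, the alert message layout, the watch patterns and the addresses are constructed assumptions.

```python
import re
from email.message import EmailMessage

# Standard syslog codes (RFC 3164); on the wire PRI = facility * 8 + severity.
FACILITIES = {"LOG_AUTH": 4, "LOG_DAEMON": 3, "LOG_LOCAL0": 16}
SEVERITIES = {"LOG_ALERT": 1, "LOG_WARNING": 4, "LOG_INFO": 6}

# <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) "
                  r"([^:\[\s]+)(?:\[\d+\])?: (.*)$")

def parse(datagram):
    """Split one raw syslog datagram into fields; None if it is malformed."""
    m = LINE.match(datagram.strip())
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8, "time": m.group(2),
            "host": m.group(3), "tag": m.group(4), "msg": m.group(5)}

def watch(datagrams, facility, severity, patterns, tag="snort"):
    """Swatch-style pass: return (pattern, record) for each matching alert."""
    want = (FACILITIES[facility], SEVERITIES[severity])
    hits = []
    for raw in datagrams:
        rec = parse(raw)
        if rec is None or rec["tag"] != tag or (rec["facility"], rec["severity"]) != want:
            continue
        pat = next((p for p in patterns if re.search(p, rec["msg"], re.I)), None)
        if pat:
            hits.append((pat, rec))
    return hits

def to_mail(hit, sender, recipient):
    """Build (not send) the notification for one hit."""
    pat, rec = hit
    mail = EmailMessage()
    mail["From"], mail["To"] = sender, recipient
    mail["Subject"] = f"[snort] {rec['host']} matched {pat}"
    mail.set_content(f"{rec['time']} {rec['host']} {rec['msg']}\n")
    return mail

# Constructed sample datagrams (not captured traffic); message layout is assumed.
SAMPLE = [
    "<33>Jun 13 01:25:55 sensor1 snort: WEB-IIS cmd.exe access: 192.0.2.10:1042 -> 192.0.2.80:80",
    "<38>Jun 13 01:26:02 sensor1 sshd[311]: Accepted password for admin",
    "<134>Jun 13 01:28:00 sensor1 snort: WEB-IIS cmd.exe access: 192.0.2.10:1043 -> 192.0.2.80:80",
]
HITS = watch(SAMPLE, "LOG_AUTH", "LOG_ALERT", [r"WEB-IIS", r"SCAN"])
```

Only the first datagram is reported: the second carries a different tag and the third arrives as local0.info (PRI 134) rather than auth.alert.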

