Snort mailing list archives

RE: Syslog on W2K

From: "Don" <Don () WeberOnTheWeb com>
Date: Thu, 13 Jun 2002 15:29:59 -0700
yes, since i never got that other option to work, i use kiwi on the sensor
itself, and have that syslog forward to my main syslog server, that part is
free, logging to db/sql and some of the archival purposes require the
registered version, but simple forwarding is in the free version., then
again, 50$ aint too bad for what it does. well worth it IMO.

Don

  -----Original Message-----
  From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Scot Scot
  Sent: Wednesday, June 12, 2002 11:26 PM
  To: fithen () networksplus net; 'Steven Williams'; 'Michael Steele'
  Cc: snort-users () lists sourceforge net
  Subject: Re: [Snort-users] Syslog on W2K


  For stability I would recommend 3com's free syslog server for Windowz

  http://support.3com.com/software/utilities_for_windows_32_bit.htm  <-- for
a bunch of goodies

  ftp://ftp.3com.com/pub/utilbin/win32/3CSyslog.zip  <-- for the syslog
server

  It runs great on 2K & XP
    ----- Original Message -----
    From: Blake Fithen
    To: 'Steven Williams' ; 'Michael Steele'
    Cc: snort-users () lists sourceforge net
    Sent: Wednesday, June 12, 2002 10:31 PM
    Subject: RE: [Snort-users] Syslog on W2K


    http://www.cls.de/Default.asp

    works well but randomly inserts fixed string in syslog output in
    the freeware version.

    --
    blake

      -----Original Message-----
      From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Steven Williams
      Sent: Wednesday, June 12, 2002 6:13 PM
      To: 'Michael Steele'; Steven Williams
      Cc: snort-users () lists sourceforge net
      Subject: RE: [Snort-users] Syslog on W2K


      HI Michael,



      So do I need to setup a syslog server on the sensor itself, and then
either use that for logging, or forward syslogs to my main syslog server?



      I don't know of any good freeware ones as I use Kiwi myself.



      Thanks



      Steve



      -----Original Message-----
      From: Michael Steele [mailto:michaels () silicondefense com]
      Sent: Thursday, June 13, 2002 9:11 AM
      To: 'Steven Williams'
      Cc: snort-users () lists sourceforge net
      Subject: RE: [Snort-users] Syslog on W2K



      Steve,



      That won't work. You are going to have to use a 3rd party Syslog
Server like Kiwi Syslog Daemon which will do everything you need, including
emailing alerts, but not freeware.



      If you find anything else on the freeware side, could you let me know?
I have a list of people looking for a freeware utility for emailing alerts
on Windows.



      http://www.kiwisyslog.com/

      -Michael
      --
       Michael Steele | System Engineer / Support Technician
       mailto:michaels () silicondefense com
       Silicon Defense: IDS solutions - http://www.silicondefense.com
       Snort: Open Source Network IDS - http://www.snort.org



      -----Original Message-----
      From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Steven
Williams
      Sent: Tuesday, June 11, 2002 8:57 PM
      To: 'snort-users () lists sourceforge net'
      Subject: [Snort-users] Syslog on W2K



      Hi,



      I am using snort 1.8.6 on W2K.



      I wish to log to the mysql database, but also log to a syslog server
using the commands below;



      output alert_syslog: LOG_AUTH LOG_ALERT host=X.X.X.X

      output database: alert, mysql, user=username dbname=database
sensor_name=sensor1 password=password host=X.X.X.X



      When I run snort, I get a warning message stating "Unrecognized syslog
facility/priority: host=X.X.X.X"



      Has anyone successfully got snort to syslog to a remote syslog server?
If so, can you let me know how you did it?



      Also, has anyone got anything like Swatch on a W32 machine to report
from Syslog Files?



      Thanks



      Steve





      Steve Williams

      Communications Support Engineer

      Computershare Technology Services



      PH +61 3 92355651

      FAX +61 3 94732409

      www.computershare.com





      ---
      This email and any files transmitted with it are solely intended for
the use of the
      addressee(s) and may contain information that is confidential and
privileged. If you
      receive this email in error, please advise us by return email
immediately. Please also
      disregard the contents of the email, delete it and destroy any copies
immediately.
      Computershare Limited and its subsidiaries do not accept liability for
the views
      expressed in the email or for the consequences of any computer viruses
that may be
      transmitted with this email

      This email is also subject to copyright. No part of it should be
reproduced, adapted or
      transmitted without the written consent of the copyright owner.



      ---
      This email and any files transmitted with it are solely intended for
the use of the
      addressee(s) and may contain information that is confidential and
privileged. If you
      receive this email in error, please advise us by return email
immediately. Please also
      disregard the contents of the email, delete it and destroy any copies
immediately.
      Computershare Limited and its subsidiaries do not accept liability for
the views
      expressed in the email or for the consequences of any computer viruses
that may be
      transmitted with this email

      This email is also subject to copyright. No part of it should be
reproduced, adapted or
      transmitted without the written consent of the copyright owner.
Current thread:

Syslog on W2K Steven Williams (Jun 11)
- RE: Syslog on W2K Don (Jun 12)
- RE: Syslog on W2K Michael Steele (Jun 12)
- <Possible follow-ups>
- RE: Syslog on W2K Steven Williams (Jun 12)
  - RE: Syslog on W2K Blake Fithen (Jun 12)
    - Re: Syslog on W2K Scot Scot (Jun 12)
    - RE: Syslog on W2K Don (Jun 13)