Snort mailing list archives
RE: Syslog on W2K
From: "Don" <Don () WeberOnTheWeb com>
Date: Thu, 13 Jun 2002 15:29:59 -0700
Yes, since I never got that other option to work, I use Kiwi on the sensor itself, and have that syslog forward to my main syslog server. That part is free; logging to db/sql and some of the archival purposes require the registered version, but simple forwarding is in the free version. Then again, $50 ain't too bad for what it does. Well worth it IMO.

Don

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Scot Scot
Sent: Wednesday, June 12, 2002 11:26 PM
To: fithen () networksplus net; 'Steven Williams'; 'Michael Steele'
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Syslog on W2K

For stability I would recommend 3com's free syslog server for Windowz

http://support.3com.com/software/utilities_for_windows_32_bit.htm <-- for a bunch of goodies
ftp://ftp.3com.com/pub/utilbin/win32/3CSyslog.zip <-- for the syslog server

It runs great on 2K & XP

----- Original Message -----
From: Blake Fithen
To: 'Steven Williams'; 'Michael Steele'
Cc: snort-users () lists sourceforge net
Sent: Wednesday, June 12, 2002 10:31 PM
Subject: RE: [Snort-users] Syslog on W2K

http://www.cls.de/Default.asp works well but randomly inserts a fixed string in syslog output in the freeware version.

-- blake

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Steven Williams
Sent: Wednesday, June 12, 2002 6:13 PM
To: 'Michael Steele'; Steven Williams
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Syslog on W2K

Hi Michael,

So do I need to set up a syslog server on the sensor itself, and then either use that for logging, or forward syslogs to my main syslog server? I don't know of any good freeware ones as I use Kiwi myself.

Thanks
Steve

-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Thursday, June 13, 2002 9:11 AM
To: 'Steven Williams'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Syslog on W2K

Steve,

That won't work. You are going to have to use a 3rd party Syslog Server like Kiwi Syslog Daemon, which will do everything you need, including emailing alerts, but not freeware. If you find anything else on the freeware side, could you let me know? I have a list of people looking for a freeware utility for emailing alerts on Windows.

http://www.kiwisyslog.com/

-Michael
--
Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Steven Williams
Sent: Tuesday, June 11, 2002 8:57 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Syslog on W2K

Hi,

I am using snort 1.8.6 on W2K. I wish to log to the mysql database, but also log to a syslog server using the commands below:

    output alert_syslog: LOG_AUTH LOG_ALERT host=X.X.X.X
    output database: alert, mysql, user=username dbname=database sensor_name=sensor1 password=password host=X.X.X.X

When I run snort, I get a warning message stating "Unrecognized syslog facility/priority: host=X.X.X.X"

Has anyone successfully got snort to syslog to a remote syslog server? If so, can you let me know how you did it?

Also, has anyone got anything like Swatch on a W32 machine to report from Syslog Files?
Thanks
Steve

Steve Williams
Communications Support Engineer
Computershare Technology Services
PH +61 3 92355651
FAX +61 3 94732409
www.computershare.com

---
This email and any files transmitted with it are solely intended for the use of the addressee(s) and may contain information that is confidential and privileged. If you receive this email in error, please advise us by return email immediately. Please also disregard the contents of the email, delete it and destroy any copies immediately. Computershare Limited and its subsidiaries do not accept liability for the views expressed in the email or for the consequences of any computer viruses that may be transmitted with this email. This email is also subject to copyright. No part of it should be reproduced, adapted or transmitted without the written consent of the copyright owner.
---
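The thread ends up with the pattern Don describes: Snort writes to a syslog daemon on the sensor itself, and that daemon forwards to the central server. The added example below is not code from the thread, from Snort, or from Kiwi; it is a small local UDP relay that shows what such a forwarder does with each datagram (check the RFC 3164 <PRI> header, keep only alerts at or above a chosen severity), plus a simplified model of the argument check that produces the "Unrecognized syslog facility/priority" warning (an assumption about the behaviour the warning implies, not Snort 1.8.6's source). The listen/remote addresses are placeholders and 192.0.2.10 is a documentation address.

```python
import re
import socket

# RFC 3164 facility and severity codes for the keywords used in snort.conf.
FACILITY = {"LOG_AUTH": 4, "LOG_AUTHPRIV": 10, "LOG_DAEMON": 3, "LOG_USER": 1,
            **{f"LOG_LOCAL{i}": 16 + i for i in range(8)}}
SEVERITY = {"LOG_EMERG": 0, "LOG_ALERT": 1, "LOG_CRIT": 2, "LOG_ERR": 3,
            "LOG_WARNING": 4, "LOG_NOTICE": 5, "LOG_INFO": 6, "LOG_DEBUG": 7}

def unrecognized_args(args):
    """Simplified model (assumption, not Snort's source) of the alert_syslog
    argument check: every whitespace-separated token must be a facility or
    severity keyword, so a 'host=X.X.X.X' token is reported as unrecognized."""
    return [t for t in args.split() if t not in FACILITY and t not in SEVERITY]

def pri(facility, severity):
    """<PRI> value of a syslog header: facility * 8 + severity
    (LOG_AUTH with LOG_ALERT gives 33)."""
    return FACILITY[facility] * 8 + SEVERITY[severity]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def parse_datagram(data):
    """Return (facility, severity, body) for a syslog datagram, or None when
    it carries no valid <PRI> header; the relay drops those instead of
    forwarding unparseable bytes to the central server."""
    m = PRI_RE.match(data.decode("latin-1"))
    if not m or int(m.group(1)) > 191:
        return None
    p = int(m.group(1))
    return p // 8, p % 8, m.group(2)

def should_forward(data, max_severity=SEVERITY["LOG_WARNING"]):
    """Forward only messages at least as urgent as max_severity (numerically
    lower): Snort alerts sent at LOG_ALERT pass, LOG_INFO chatter does not."""
    parsed = parse_datagram(data)
    return parsed is not None and parsed[1] <= max_severity

def relay(listen=("127.0.0.1", 514), remote=("192.0.2.10", 514)):
    """Receive Snort's syslog output on the sensor and forward it (placeholder
    addresses; binding port 514 needs administrative rights)."""
    inbound = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    inbound.bind(listen)
    outbound = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, _ = inbound.recvfrom(2048)
        if should_forward(data):
            outbound.sendto(data, remote)

if __name__ == "__main__":
    relay()
```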
Current thread:
- Syslog on W2K Steven Williams (Jun 11)
- RE: Syslog on W2K Don (Jun 12)
- RE: Syslog on W2K Michael Steele (Jun 12)
- <Possible follow-ups>
- RE: Syslog on W2K Steven Williams (Jun 12)
- RE: Syslog on W2K Blake Fithen (Jun 12)
- Re: Syslog on W2K Scot Scot (Jun 12)
- RE: Syslog on W2K Don (Jun 13)
- RE: Syslog on W2K Blake Fithen (Jun 12)