Snort mailing list archives

RE: syslog viewer


From: "Bobby Brown" <bbrown () netsecadmin com>
Date: Mon, 5 Aug 2002 16:49:36 -0500

I also send all snort sensors to a Kiwi standard syslog server. I wrote a
little Perl script to parse the syslog file to display the current x number
of alerts and change color depending on the priority flag setting.

I can post the script and samples to
http://www.netsecadmin.com/cgi-bin/getsnipsweb.pl in a couple of days if
interested. Nothing spectacular but works.

Bobby
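The kind of viewer discussed in this thread, as an added example that is not Bobby's Perl script or any code from the list: it picks Snort alerts out of a mixed syslog file and renders the most recent N as an HTML table coloured by priority. It is written in Python; the alert line layout, the sample lines, the colour palette and all function names are assumptions. Fields are HTML-escaped because classic UDP syslog is unauthenticated, so anything that reaches the collector is untrusted input to the page.

```python
import html
import re

# Assumed Snort syslog layout (not taken from the thread):
# "<time> <host> snort: [gid:sid:rev] msg [Classification: c] [Priority: n]: flow"
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssnort(?:\[\d+\])?:\s"
    r"\[(?P<sid>\d+:\d+:\d+)\]\s(?P<msg>.*?)\s"
    r"(?:\[Classification:\s(?P<cls>[^\]]*)\]\s)?"
    r"\[Priority:\s(?P<prio>\d+)\]:?\s(?P<flow>.*)$"
)
PRIORITY_COLOR = {1: "#ff9999", 2: "#ffcc99", 3: "#ffff99"}  # assumed palette

# Constructed sample of a central syslog file: three Snort alerts, one sshd line.
SAMPLE = [
    "Aug  5 16:40:01 sensor1 snort: [1:1002:5] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 10.1.1.5:3312 -> 192.168.0.10:80",
    "Aug  5 16:41:10 gw1 sshd[411]: Accepted password for root from 10.1.1.9 port 1022",
    "Aug  5 16:42:17 sensor2 snort: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 10.1.1.7 -> 192.168.0.1",
    "Aug  5 16:43:55 sensor2 snort: [1:1000001:1] <b>markup in msg</b> [Priority: 3]: {TCP} 10.1.1.8:4000 -> 192.168.0.10:80",
]

def parse_alerts(lines):
    """Return one dict per Snort alert line; other syslog traffic is skipped."""
    alerts = []
    for line in lines:
        m = ALERT_RE.match(line.rstrip("\n"))
        if m:
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            alerts.append(alert)
    return alerts

def render_html(lines, last_n=20):
    """Render the last_n alerts, newest first, as a priority-coloured table."""
    rows = ["<tr><th>Time</th><th>Sensor</th><th>Prio</th>"
            "<th>SID</th><th>Alert</th><th>Flow</th></tr>"]
    for a in reversed(parse_alerts(lines)[-last_n:]):
        color = PRIORITY_COLOR.get(a["prio"], "#dddddd")  # unknown priority: grey
        cells = (a["ts"], a["host"], a["prio"], a["sid"], a["msg"], a["flow"])
        # Escape every field: log content must never reach the browser as markup.
        tds = "".join(f"<td>{html.escape(str(c))}</td>" for c in cells)
        rows.append(f'<tr style="background:{color}">{tds}</tr>')
    return "<table>\n" + "\n".join(rows) + "\n</table>"

if __name__ == "__main__":
    print(render_html(SAMPLE, last_n=10))
```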




-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of darek
Sent: Monday, August 05, 2002 3:28 PM
To: spyguy
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] syslog viewer


The way I have it set up is that I start snort with the -s flag set.

In /etc/syslogd.conf you can specify:
!snort
*.*                                             @some.host.on.your.net

All alerts will be sent to that host. We use the Kiwi Syslog Daemon for
Windows. It displays syslog messages from many different hosts: router
messages, root logins, ftp sessions, smtp monitors, and snort.


spyguy wrote:

Hello all,

I would like to have all of my snort sensors log to syslog and have syslog
sent to a single server. Unfortunately, I don't feel like reading through a
ton of syslog via ssh. I would rather view it on some sort of script-generated
HTML page.

Anyone have any recommendations? Is anyone doing any syslog output, and if
yes, how do you view the logs?

Thanks in advance.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users







