Snort mailing list archives
RE: syslog viewer - One user's web based viewer
From: "Bobby Brown" <bbrown () netsecadmin com>
Date: Tue, 6 Aug 2002 09:01:09 -0500
I placed the scripts I currently use to select and display syslog events using a web browser at the link below. Feel free to use and experiment with them yourselves. I would appreciate all improvements anyone adds to them that I could use as well.

Thanks,
Bobby

Syslog events to web browser
http://www.netsecadmin.com/scriptlets/syslog/syslogreport.html

-----Original Message-----
From: spyguy [mailto:spyguy703 () earthlink net]
Sent: Monday, August 05, 2002 4:53 PM
To: bbrown () netsecadmin com
Subject: Re: [Snort-users] syslog viewer

please do. thx

On Monday 05 August 2002 02:49 pm, Bobby Brown wrote:
> I also send all snort sensors to a Kiwi standard syslog server. I wrote a little Perl script to parse the syslog file to display the current x number of alerts and change color depending on the priority flag setting. I can post the script and samples to http://www.netsecadmin.com/cgi-bin/getsnipsweb.pl in a couple of days if interested. Nothing spectacular but works.
>
> Bobby
>
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of darek
> Sent: Monday, August 05, 2002 3:28 PM
> To: spyguy
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] syslog viewer
>
> The way I have it set up is that I start snort with the -s flag set. In /etc/syslogd.conf you can specify:
>
>   !snort
>   *.* @some.host.on.your.net
>
> All alerts will be sent to that host. We use the Kiwi Syslog Daemon for Windows. It displays syslog messages from many different hosts; router messages, root logins, ftp sessions, smtp monitors, and snort.
>
> spyguy wrote:
> > Hello all,
> >
> > I would like to have all of my snort sensors log to syslog and have syslog sent to a single server. Unfortunately, I don't feel like reading through a ton of syslog via ssh. I would rather view it on some sort of script-generated html page. Anyone have any recommendations? Is anyone doing any syslog output, and if yes, how do you view the logs?
> >
> > Thanks in advance.

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
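An added example, not part of the original thread and not Bobby Brown's Perl script (which is not reproduced on this page): a Python sketch of the viewer the thread describes, showing the last x Snort alerts from a central syslog file as an HTML table coloured by priority. The sample lines are constructed, the colour palette and function names are assumptions, and every field is HTML-escaped because syslog text arrives over the network from other hosts.

```python
import html
import re

# Constructed sample lines in the shape of Snort's syslog alert output
# (timestamp, host, "snort:", [gid:sid:rev] message, priority, flow).
SAMPLE_LOG = """\
Aug  6 08:58:01 sensor1 snort: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.10 -> 198.51.100.5
Aug  6 08:59:12 router1 login: ROOT LOGIN on ttyp0
Aug  6 09:00:47 sensor2 snort: [1:1256:7] WEB-IIS CodeRed v2 root.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.77:3112 -> 198.51.100.5:80
Aug  6 09:01:03 sensor1 snort: [1:0:0] <script>alert(1)</script> [Priority: 3]: {TCP} 192.0.2.10:4000 -> 198.51.100.5:25
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssnort(?:\[\d+\])?:\s"
    r"(?P<msg>.*?)\s\[Priority:\s(?P<prio>\d+)\]:?\s*(?P<flow>.*)$"
)

# Assumed palette: priority 1 is the most severe.
COLORS = {1: "#ff9999", 2: "#ffcc66", 3: "#ffff99"}

def latest_alerts(log_text, count):
    """Return the last `count` Snort alerts as dicts, newest first."""
    alerts = []
    for line in log_text.splitlines():
        m = ALERT_RE.match(line)
        if m:  # non-Snort syslog lines (router, login, ftp) are skipped
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            alerts.append(alert)
    return alerts[-count:][::-1] if count > 0 else []

def render_html(alerts):
    """Build the table; every field is escaped before it reaches the page."""
    rows = []
    for a in alerts:
        color = COLORS.get(a["prio"], "#ffffff")
        cells = "".join(
            f"<td>{html.escape(str(a[k]))}</td>"
            for k in ("ts", "host", "prio", "msg", "flow")
        )
        rows.append(f'<tr style="background:{color}">{cells}</tr>')
    return "<table>\n" + "\n".join(rows) + "\n</table>"

if __name__ == "__main__":
    print(render_html(latest_alerts(SAMPLE_LOG, 10)))
```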
Current thread:
- RE: syslog viewer - One user's web based viewer Bobby Brown (Aug 06)