Snort mailing list archives

Re:logging [was: ideal setup]


From: Keith Young <kyoung () v-one com>
Date: Wed, 07 Aug 2002 19:46:33 -0400

[Someone wrote to me in a private e-mail, but I thought I'd also send a copy to the list since this seems to be a FAQ].

(Anonymous Person) wrote:
Do you have syslog working to an external syslog server from snort? If so, what does the line in your snort.conf file look like? That is, if you don't mind helping out.


Actually, you should use syslog to handle this. I would recommend syslog-ng:
        http://www.balabit.hu/en/downloads/syslog-ng/

syslog-ng runs over TCP (which is usually easier to get through a firewall) instead of UDP and can run through an ssh/stunnel encrypted connection.

In the syslog-ng config file, point to the syslog server in the DMZ or to an aliased redirect interface on the firewall.

--
Keith Young
kyoung () v-one com
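
The setup described in the message above, sketched as an added example that is not part of the original e-mail: Snort hands alerts to the local syslog daemon, and syslog-ng on the sensor forwards them over TCP. The address 192.0.2.10, both port numbers, the facility/priority pair and the `s_local`, `f_snort`, `d_loghost` and `d_tunnel` names are assumptions chosen for illustration.

```conf
# --- snort.conf (on the sensor) ---
# Send alerts to the local syslog daemon.
# LOG_AUTH / LOG_ALERT are sample facility and priority choices.
output alert_syslog: LOG_AUTH LOG_ALERT

# --- syslog-ng.conf (on the sensor) ---
# Recent syslog-ng releases also expect an "@version:" line at the top.

# Local messages, including what Snort writes through syslog(3).
source s_local {
    unix-stream("/dev/log");
    internal();
};

# Forward only messages whose program name is "snort".
filter f_snort {
    program("snort");
};

# Option 1: plain TCP straight to the log server in the DMZ
# (or to the redirect interface on the firewall).
# 192.0.2.10 is a placeholder address, 514 a sample port.
destination d_loghost {
    tcp("192.0.2.10" port(514));
};

# Option 2: a local stunnel or ssh port forward that carries the
# stream to the log server encrypted. Port 5140 is hypothetical and
# must match the listening side of the tunnel.
destination d_tunnel {
    tcp("127.0.0.1" port(5140));
};

log {
    source(s_local);
    filter(f_snort);
    destination(d_loghost);   # use d_tunnel instead for the encrypted path
};
```

Plain TCP forwarding is unencrypted and unauthenticated, so the tunnel destination is the one to use whenever the traffic crosses a network segment you do not control.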





