Snort mailing list archives
Re: Remote syslog server using snort.conf
From: Michael Boman <michael.boman () securecirt com>
Date: Sun, 25 Aug 2002 11:44:41 +0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 25 August 2002 11:14, Sandy Taylor wrote:
I have read through the manual and FAQ. I found how to log to a remote syslog server at the command line and how to log to a syslog server on the local machine. But what I want to do is both log to a MySQL database and a remote syslog server. Thusly, I have to use the snort.conf to log to both right? So, the 10k dollar question is how do I configure snort.conf to log to a remote syslog server? Can I specify a port (other than the default)? Any suggestions would be appreciated. Thank you.
You didn't specify what OS you are using, but I'll assume that you are on some kind of UNIX machine (Linux/BSD/Solaris etc). The answer in that case is: you don't configure the remote syslog server at all in snort.conf It is in syslog.conf (/etc/syslog.conf) that you should edit, and syslog.conf(5) man page tells you how to do it ;) (didn't want to spell it straight out, but it has something to do with the '@' sign.) Best regards Michael Boman - -- Michael Boman Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd) http://www.securecirt.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9aFKuds5fQJiraJwRAo9GAJsGfNHJrVPOklS5obUvzQp2spP1LgCdEH2G becTPhfVkVaG/Tuq858zE9c= =b273 -----END PGP SIGNATURE----- ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Remote syslog server using snort.conf Sandy Taylor (Aug 24)
- Re: Remote syslog server using snort.conf Michael Boman (Aug 24)
- Re: Remote syslog server using snort.conf Sandy Taylor (Aug 24)
- Re: Remote syslog server using snort.conf Wayne T Work (Aug 24)
- Re: Remote syslog server using snort.conf Christopher Cook (Aug 25)
- Re: Remote syslog server using snort.conf Sandy Taylor (Aug 24)
- Re: Remote syslog server using snort.conf Michael Boman (Aug 24)
- Re: Remote syslog server using snort.conf Wayne T Work (Aug 24)
- Re: Remote syslog server using snort.conf Frank Knobbe (Aug 25)