Snort mailing list archives

Re: Remote syslog server using snort.conf


From: Michael Boman <michael.boman () securecirt com>
Date: Sun, 25 Aug 2002 11:44:41 +0800

On Sunday 25 August 2002 11:14, Sandy Taylor wrote:
> I have read through the manual and FAQ. I found how to log to a remote
> syslog server at the command line and how to log to a syslog server on the
> local machine.
>
> But what I want to do is both log to a MySQL database and a remote syslog
> server. Thusly, I have to use the snort.conf to log to both right? So, the
> 10k dollar question is how do I configure snort.conf to log to a remote
> syslog server? Can I specify a port (other than the default)?
>
> Any suggestions would be appreciated.
>
> Thank you.

You didn't specify what OS you are using, but I'll assume that you are on some 
kind of UNIX machine (Linux/BSD/Solaris etc).

The answer in that case is: you don't configure the remote syslog server at
all in snort.conf.

It is syslog.conf (/etc/syslog.conf) that you should edit, and the
syslog.conf(5) man page tells you how to do it ;)

(didn't want to spell it straight out, but it has something to do with the '@' 
sign.)

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
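
The setup the reply points to, written out as an added example that is not part of the original message: Snort hands alerts to the local syslog daemon, and syslog.conf forwards them with an `@` action. The credentials, database name and `loghost.example.com` are placeholders, and the facility/priority pair is one possible choice.

```conf
# --- snort.conf: two output plugins, both active at the same time ---
# Log to MySQL (user, password, dbname and host are placeholders).
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost
# Send alerts to the LOCAL syslog daemon, facility auth, priority alert.
output alert_syslog: LOG_AUTH LOG_ALERT

# --- /etc/syslog.conf: forward that selector to the remote server ---
# Selector and action are separated by whitespace (classic syslogd expects tabs).
# "@host" means "forward to this host"; loghost.example.com is a placeholder.
auth.alert	@loghost.example.com
```

Classic syslogd forwards over UDP without authentication or encryption, so the receiving daemon must be started to accept network messages (`-r` on Linux sysklogd) and the path between the hosts should be one you trust. The local daemon has to re-read its configuration (SIGHUP) after the edit.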


