Snort mailing list archives

RE: Snort Syslog Alerts on Win32


From: "Don Weber" <Don () WeberOnTheWeb com>
Date: Fri, 3 Jan 2003 21:07:38 -0800

You can, just do it on the command line, which also trumps anything in your
config file though. Just do this, along with the rest of your options for
snort.conf and log dir and such. For some reason I always need to add the
port on it as well; all of my sensors go to a remote syslog server or two.
Just use your regular snort command line and add -s ip.add.re.ss:port at the
end:

snort -s host.ip.add.ress:514
  -----Original Message-----
  From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of L. Christopher
Luther
  Sent: Friday, January 03, 2003 3:29 PM
  To: 'bmcdowell () coxhealthplans com'
  Cc: Snort-Users (E-mail)[Don Weber]
  Subject: RE: [Snort-users] Snort Syslog Alerts on Win32
  Sensitivity: Confidential


  Unfortunately, there is no syslog daemon on the WinNT4 Snort box -- only
on the other server.  :{  I was hoping that like Cisco and other network
devices I could direct the syslog messages from Snort to another server.

  Christopher



  -----Original Message-----
  From: Bob McDowell [mailto:bmcdowell () coxhealthplans com]
  Sent: Friday, January 03, 2003 6:27 PM
  To: 'L. Christopher Luther'
  Subject: RE: [Snort-users] Snort Syslog Alerts on Win32
  Sensitivity: Confidential



  I think you'd need to do this in your syslog daemon.  You can make it easy
on yourself by making snort log to 'Local1' if you'd like.

  -----Original Message-----
  From: L. Christopher Luther [mailto:cluther () xybernaut com]
  Sent: Friday, January 03, 2003 5:02 PM
  To: Snort-Users (E-mail)
  Subject: [Snort-users] Snort Syslog Alerts on Win32
  Sensitivity: Confidential



  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  I would like to configure Snort (version 1.8.6 running on a WinNT4
  box) to send Snort alerts to a syslog server on another WinNT4 box.
  The "output alert_syslog" is pretty straightforward, except I am not
  sure of how to direct this output to another host???  The docs I have
  do not specify any "host=" option.



  Sincerely,
  L. Christopher Luther
  Technical Consultant
  Xybernaut Solutions, Inc.
  (703) 654-3642
  cluther () xybernaut com
  http://www.xybernautsolutions.com

  My PGP Public Key:
  http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88

  -----BEGIN PGP SIGNATURE-----
  Version: PGP 7.1.2
  iQA/AwUBPhYWg6u/XM0hJhuIEQJp9QCg8SFUXSb7yrpOG0Rv+gLvRlpn4gkAnj8H
  la4Z8Pko+5h79KaeMlghIOMX
  =1T7j
  -----END PGP SIGNATURE-----
