Snort mailing list archives
Re: Send alerts to a remote host
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 25 Sep 2003 12:06:41 -0400
At 08:10 AM 9/25/2003, "Потапов Владимир" wrote:
I want that my packet filter with Snort will send all logs and alerts to a remote host. How can I do that,
Use syslog as your output plugin for snort, then configure your syslogd to send copies to another host.
On most older-style systems, it's /etc/syslog.conf that you need to edit. Assuming a system based on sysklogd, and not any of the newer system logging facilities:
First make snort's output go to syslog with log facility local4 in snort.conf (you can pick any local facility that's unused, I just grabbed 4 off the top of my head):

    output alert_syslog: LOG_LOCAL4 LOG_ALERT

and add a redirector to your /etc/syslog.conf on your snort box:

    local4.alert @myremotesyslogserver.mydomain.com

On your remote syslog server, be sure to start syslogd with -r so that it will honor inbound packets from the network.
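Added example, not part of the original post and not code from Snort or sysklogd: a Python check that the facility and priority on snort.conf's alert_syslog line are actually matched by an @host selector in syslog.conf, so a mismatch (wrong facility, a priority threshold that is too strict, a later `none`) is caught before alerts silently stay local. The function names are hypothetical, the sample input is the two lines from the reply above, and only the plain, `=`, `*` and `none` selector forms are modelled.

```python
import re

# Severity names in numeric order: index 0 (emerg) is the most severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
OPTIONS = {"cons", "ndelay", "perror", "pid"}  # syslog option flags, not facilities

def snort_syslog_target(snort_conf):
    """Return (facility, level) from the 'output alert_syslog:' line."""
    m = re.search(r"^[ \t]*output\s+alert_syslog:[ \t]*(.*)$", snort_conf, re.M)
    fac = lvl = None
    for tok in (m.group(1).replace("|", " ").split() if m else []):
        name = tok.lower().replace("log_", "", 1)
        if name in LEVELS:
            lvl = name
        elif name not in OPTIONS:
            fac = name
    return fac, lvl

def selector_allows(selectors, fac, lvl):
    """sysklogd selector check: 'prio' matches that level and more severe; '!' unsupported."""
    allowed = set()
    for sel in selectors.split(";"):
        facs, _, prio = sel.rpartition(".")
        if not {fac, "*"} & set(facs.split(",")):
            continue  # this selector names other facilities
        if prio == "none":
            allowed.clear()  # e.g. '*.info;local4.none' excludes local4 again
        elif prio == "*":
            allowed.update(LEVELS)
        elif prio.startswith("="):
            allowed.add(prio[1:])  # exactly this level
        elif prio in LEVELS:
            allowed.update(LEVELS[: LEVELS.index(prio) + 1])
    return lvl in allowed

def remote_hosts(snort_conf, syslog_conf):
    """List the @hosts that would receive Snort's alerts under these two files."""
    fac, lvl = snort_syslog_target(snort_conf)
    hosts = []
    for line in syslog_conf.splitlines():
        parts = line.split()
        if (fac and lvl and len(parts) == 2 and not parts[0].startswith("#")
                and parts[1].startswith("@") and selector_allows(parts[0], fac, lvl)):
            hosts.append(parts[1][1:])
    return hosts

# Constructed sample input: the two configuration lines from the post above.
SNORT_CONF = "output alert_syslog: LOG_LOCAL4 LOG_ALERT"
SYSLOG_CONF = "local4.alert\t@myremotesyslogserver.mydomain.com"
print(remote_hosts(SNORT_CONF, SYSLOG_CONF))
```

An empty list means no selector on the Snort box forwards the alerts, for example when syslog.conf says `local4.emerg`, which is stricter than the LOG_ALERT level Snort logs at.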