Snort mailing list archives

Re: Send alerts to a remote host


From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 25 Sep 2003 12:06:41 -0400

At 08:10 AM 9/25/2003, "Потапов Владимир" wrote:
I want my packet filter with Snort to send all logs and alerts to a remote host. How can I do that?

Use syslog as your output plugin for snort, then configure your syslogd to send copies to another host.

On most older-style systems, it's /etc/syslog.conf that you need to edit.

Assuming a system based on sysklogd, and not any of the newer system logging facilities:

First make snort's output go to syslog with log facility local4 in snort.conf (you can pick any local facility that's unused, I just grabbed 4 off the top of my head):
        output alert_syslog: LOG_LOCAL4 LOG_ALERT

and add a redirector to your /etc/syslog.conf on your snort box:

        local4.alert    @myremotesyslogserver.mydomain.com

On your remote syslog server, be sure to start syslogd with -r so that it will honor inbound packets from the network.
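As an added check (my example, not code from Matt's message or from the Snort project): a small parser for sysklogd-style syslog.conf rules that reports whether the facility/priority named in the snort.conf output line actually reaches a remote `@host` action, so a facility mismatch between the two files shows up instead of alerts silently staying local. The host name and config lines are constructed for the example; `!prio` exclusions are not handled.

```python
import re
# sysklogd priority ladder, lowest to highest; a bare "prio" selector means prio and above
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def parse_syslog_conf(text):
    """Parse sysklogd-style rules into (selectors, action); selectors are (facility, prio)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        sel_part, action = re.split(r"\s+", line, maxsplit=1)
        selectors = []
        for sel in sel_part.split(";"):               # "a.x;b.y" is several selectors
            facs, _, prio = sel.rpartition(".")
            selectors.extend((fac, prio) for fac in facs.split(","))  # "a,b.x" form
        rules.append((selectors, action))
    return rules

def matches(selectors, facility, priority):
    """Does a facility.priority message hit this rule? Later selectors override earlier ones."""
    selected = False
    for fac, prio in selectors:
        if fac not in ("*", facility):
            continue
        level = "debug" if prio == "*" else prio.lstrip("=")
        if prio == "none":                            # cancels the facility on this line
            selected = False
        elif prio.startswith("="):                    # exact priority only
            selected = level == priority
        else:                                         # this priority and above
            selected = PRIORITIES.index(priority) >= PRIORITIES.index(level)
    return selected

def forwarded_hosts(conf_text, facility, priority):
    """Remote hosts (@host actions) that receive a facility.priority message."""
    return [action[1:] for selectors, action in parse_syslog_conf(conf_text)
            if action.startswith("@") and matches(selectors, facility, priority)]

def snort_syslog_target(output_line):
    """Map 'output alert_syslog: LOG_LOCAL4 LOG_ALERT' to the (facility, priority) it uses."""
    m = re.match(r"output\s+alert_syslog:\s+LOG_(\w+)\s+LOG_(\w+)", output_line)
    return m.group(1).lower(), m.group(2).lower()

# Constructed sample of the snort box's /etc/syslog.conf (hypothetical host name).
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none      /var/log/messages
local4.alert                        @myremotesyslogserver.mydomain.com
"""
```

Run `forwarded_hosts(SAMPLE_CONF, *snort_syslog_target(line))` with the `output alert_syslog:` line from snort.conf; an empty list means no remote rule will see the alerts.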



