Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Naming the Sensors in a multiple interface sensor

From: Erek Adams <erek () snort org>
Date: Thu, 9 Oct 2003 14:34:43 -0400 (EDT)
On Thu, 9 Oct 2003, Marc Quibell wrote:


In Snort.conf, in the "output database:" line, there should be or you can add
"sensor_name=[name]" at the end of the line...


Right.  That would work great if he were dealing with a DB.  Instead he's
dealing with syslog.


Message: 8
Date: Thu, 9 Oct 2003 11:13:29 -0600 (MDT)
From: "James Hunter" <jhunter () dotprofile net>
To: <snort-users () lists sourceforge net>
Subject: [Snort-users] Naming the Sensors in a multiple interface sensor



Is there a way to "name" the sensors when using syslog and snort?  I'm
using Snortcenter w/acid, etc... as the manager and the snortcenter agent
on another machine.  I log everything back to the main snortcenter box to
one file but they all just give the hostname.


How about:

        hostname snort-sensor1

:)

Sadly there's no real way to do that.  It's all dependant on the syslog
implementation of your box.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: