Snort mailing list archives

Re: Windows Event Log & alert.ids


From: "Scot Scot" <scotw () hotmail com>
Date: Thu, 16 Oct 2003 16:36:02 -0500


----- Original Message ----- 
From: "grant" <grant () macaulayconsultants co uk>
To: <snort-users () lists sourceforge net>
Sent: Thursday, October 16, 2003 7:45 AM
Subject: [Snort-users] Windows Event Log & alert.ids


Does anybody know if it is possible to run the -E option to write events
and log as normal to the alert.ids file? This will allow me to alert through
BMC patrol and also provide reports and invasion response via snortsnarf.

Thanks

Grant
<snip>

Try this:

Place either of these lines in the snort.conf file under your output plugins
configuration. You may want to use alert_fast for snortsnarf & ACID stuff.

output alert_full: alert.ids
output alert_fast: alert.ids

Scot Wiedenfeld
Just my 2.0134 cents worth (tax included)
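As an added illustration (not part of the original thread or of Snort itself), the following Python script shows what a reporting tool such as SnortSnarf has to work with once `output alert_fast: alert.ids` is in place: it parses the one-line alert_fast records and summarises them by signature and priority. It assumes the classic Snort 2.x alert_fast line layout without the `-y` year option; the sample alert lines are constructed for the example, and the signature ids, addresses and counts in them are not taken from the page.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Assumed Snort 2.x alert_fast layout (one alert per line):
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src[:port] -> dst[:port]
# Classification and Priority are optional; ports are absent for ICMP. IPv4 only here.
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ALERT_FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s*)?"
    r"\{(?P<proto>[A-Z]+)\}\s+"
    rf"(?P<src>{IPV4})(?::(?P<sport>\d+))?\s+->\s+"
    rf"(?P<dst>{IPV4})(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample content of alert.ids (hypothetical addresses in documentation ranges).
SAMPLE_ALERT_IDS = """\
10/16-07:45:12.345678  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 192.0.2.10:1434 -> 198.51.100.5:1434
10/16-07:46:01.000123  [**] [1:366:7] ICMP PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.11 -> 198.51.100.5
10/16-07:47:30.500000  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 192.0.2.12:1434 -> 198.51.100.5:1434
this line is not an alert and must be skipped, not crash the parser
"""


def parse_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the fields of one alert_fast record, or None if the line does not match."""
    m = ALERT_FAST_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    fields = m.groupdict()
    # Normalise: missing priority defaults to "0" so sorting/counting never sees None.
    if fields["prio"] is None:
        fields["prio"] = "0"
    return fields


def parse_alerts(text: str) -> List[Dict[str, Optional[str]]]:
    """Parse every line of an alert.ids file, silently dropping lines that are not alerts."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is not None:
            alerts.append(rec)
    return alerts


def summarize(alerts: List[Dict[str, Optional[str]]]) -> Dict[str, Dict[str, int]]:
    """Build the kind of counts a SnortSnarf-style report is based on."""
    by_message: Counter = Counter(a["msg"] for a in alerts)
    by_priority: Counter = Counter(a["prio"] for a in alerts)
    by_source: Counter = Counter(a["src"] for a in alerts)
    return {
        "by_message": dict(by_message),
        "by_priority": dict(by_priority),
        "by_source": dict(by_source),
    }


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERT_IDS)
    report = summarize(parsed)
    print(f"{len(parsed)} alerts parsed")
    for msg, n in sorted(report["by_message"].items(), key=lambda kv: -kv[1]):
        print(f"{n:5d}  {msg}")
```

Run it against a real `alert.ids` by replacing `SAMPLE_ALERT_IDS` with the file's contents; lines the regex does not recognise (for example the multi-line blocks that `alert_full` writes) are skipped rather than raising, which is why the answer suggests `alert_fast` when a line-oriented tool will consume the file.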



