Snort mailing list archives
syslog issue on windows 2000 and snmp
From: "Turnquist,Wayne" <WayneTurnquist () catholichealth net>
Date: Wed, 7 Jul 2004 11:38:09 -0500
I installed the newest version of snort. when i start sort, i get the alerts showing up in the event log but i want them to go to a different machine which has syslog up and running. # [Win32 can use any of these formats...] # output alert_syslog: LOG_AUTH LOG_ALERT output alert_syslog: host=10.110.99.4, LOG_AUTH LOG_ALERT # output alert_syslog: host=10.110.99.2, LOG_AUTH LOG_ALERT # output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT also can i send msg to multiple syslog machines -------------------------------------------------- i install snort on our router link to corp so i can double check any security problems from corp. One issue is there is a pc at corp. which is running solarwinds to monitor some devices on our networki. thus, snort shows tons of alerts becasue of this. how/where do i add a filter to indicate to not worry about snmp for this ip address which is on the external network thanks wt ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- syslog issue on windows 2000 and snmp Turnquist,Wayne (Jul 07)