Snort mailing list archives

syslog issue on windows 2000 and snmp

From: "Turnquist,Wayne" <WayneTurnquist () catholichealth net>
Date: Wed, 7 Jul 2004 11:38:09 -0500

I installed the newest version of snort.

when i start sort, i get the alerts showing up in the event log but i want them to go to a different machine which has
syslog up and running.

# [Win32 can use any of these formats...]
# output alert_syslog: LOG_AUTH LOG_ALERT
output alert_syslog: host=10.110.99.4, LOG_AUTH LOG_ALERT
# output alert_syslog: host=10.110.99.2, LOG_AUTH LOG_ALERT
# output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT

also can i send msg to multiple syslog machines

--------------------------------------------------
i install snort on our router link to corp so i can double check any security problems from corp. One issue is there
is a pc at corp. which is running solarwinds to monitor some devices on our networki. thus, snort shows tons of alerts
becasue of this. how/where do i add a filter to indicate to not worry about snmp for this ip address which is on the
external network

thanks
wt

-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

syslog issue on windows 2000 and snmp Turnquist,Wayne (Jul 07)