Snort mailing list archives

Windows snort to syslog


From: "Cintron, Jose J." <jcintron () mitre org>
Date: Mon, 27 Oct 2008 11:37:04 -0400

I have a snort server running on Windows (192.168.1.100) and I have a
remote syslog server running again on a Windows server (192.168.1.3)
(using Kiwi Syslog).  My snort.conf file says...
 
output alert_syslog: host=192.168.1.3, log_auth log_alert
 
I've tried changing the address to address port (192.168.1.3:514).  I
tried to send to the TCP port (1468) of the syslog server instead of
the UDP port just to check.  I have a sniffer to see all traffic from
the snort box to the syslog server.
 
And I don't see a thing.  What am I doing wrong? (I'm sure that it's me
and not the pig.)
 

+------------------------------------------
| José J. Cintrón - <jcintron () mitre org>
|
| MITRE Corporation
| 7515 Colshire Drive
| Mail Stop T330
| McLean, VA  22102-7508
|
| Phone: 703.983.3040
| Fax: 703.983.1397
+------------------------------------------