Re: Barnyard2 conf syntax for syslog

[Paul Schmehl <pschmehl_lists () tx rr com>]

Try this:

> Syslog Format
> # Examples:
> #       output alert_syslog
> #       output alert_syslog: host=192.168.10.1
> #       output alert_syslog: host=sysserver.com:1001
> #       output alert_syslog: LOG_AUTH LOG_INFO

output alert_syslog: host=1.1.1.1 LOG_AUTH LOG_ALERT

The semi-colon is required.  That's why it's in the examples.

--On Friday, September 04, 2009 13:00:40 -0500 "Jefferson, Shawn" 
<Shawn.Jefferson () bcferries com> wrote:

> No, unfortunately they aren't.
>
> It seems that you should be able to do:
>
> output alert_syslog host=1.1.1.1, LOG_AUTH LOG_ALERT
>
> but that doesn't work and throws an error in the daemon logs.
>
>
>
> -----Original Message-----
> From: Paul Schmehl [mailto:pschmehl_lists () tx rr com]
> Sent: Friday, September 04, 2009 10:41 AM
> To: Jefferson, Shawn; snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Barnyard2 conf syntax for syslog
>
> --On Friday, September 04, 2009 12:00:49 -0500 "Jefferson, Shawn"
> <Shawn.Jefferson () bcferries com> wrote:
>
> > I know the devs for barnyard2 frequent the list and lots of people are using
> > it here.  I'm having a problem specifying the hostname for syslog along
> > with the severity and facility.  I keep getting errors that the
> > severity/facility is unknown (in the daemon.log - when testing with -T it
> > would be nice to see these messages on the console.)
> >
> > What's the syntax for doing this with barnyard2 ?
> >
> > With barnyard 0.20, I was doing this:
> > output alert_syslog2: severity: ALERT; syslog_host: 1.1.1.1;
>
> Are the examples in the conf file not working for you?
>
> Common Event Format
> # Examples:
> #       output alert_cef
> #       output alert_cef: host=192.168.10.1
> #       output alert_cef: host=sysserver.com:1001
> #       output alert_cef: LOG_AUTH LOG_INFO
>
> Syslog Format
> # Examples:
> #       output alert_syslog
> #       output alert_syslog: host=192.168.10.1
> #       output alert_syslog: host=sysserver.com:1001
> #       output alert_syslog: LOG_AUTH LOG_INFO
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson



-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users