Re: Snort and multiple logging

[egoitz () ramattack net]

Hi all,

But I needed to generate file logs in order to OSSEC to be configured to
read it and doing active responses... (OSSEC AFAIK doesn't read from
mysql) and wanted to have a web gui for real time monitoring status of
intrusion activity and so... those banyard2 files are able to be read by
ossec? or could I say to barnyard2 to send to one remote syslog server the
logs (for ossec to be able to read them) and too... to a mysql server for
base to read them and display moment statistics??

thanks a lot for all you're help.
bye!!


> Egoitz,
>
> 1. I would strongly recommend using Barnyard2 for your output processing
> if
> you are not already. There are several how-to documents available on
> setting
> this up on http://www.snort.org/docs/setup-guides/; pick the paper that
> best
> matches your OS or flavor of Linux. Each Snort instance can be set up to
> send its output to a remote syslog server and MySQL database via Barnyard
> simultaneously.
>
> 2. I would also strongly recommend using BASE instead of ACID. ACID is no
> longer being maintained.
>
> Happy Snorting!
>
> Nick
>
>
> On Wed, Oct 6, 2010 at 6:38 AM, <egoitz () ramattack net> wrote:
>
> > Hello all,
> >
> > I would like to know if I can configure snort to output logs to a remote
> > syslog and simultaneously to a mysql database. The reason of doing this
> > this way is for using ACID (that reads from mysql and works in realtime)
> > and for ossec active responses wich requires logs to be in a log file...
> > So like I plan to have several snort servers for sharing the load (each
> > snort scanning each switch traffic) I'm planning to log all snort
> > servers
> > to a remote syslog (whose file is going to be scanned constantly by
> > ossec
> > and executing active responses) and simutaneously to mysql in order to
> > acid to be able to display ids collected data in realtime.
> >
> >
> > Could be this possible mates?? to log simultaneously to remote syslog
> > and
> > to mysql??... or is it any other advisable way of achieving this goal??.
> >
> > Thanks a lot.
> > Bye!
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Beautiful is writing same markup. Internet Explorer 9 supports
> > standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
> > Spend less time writing and  rewriting code and more time creating great
> > experiences on the web. Be a part of the beta today.
> > http://p.sf.net/sfu/beautyoftheweb
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> --
> Nick Moore, SFCE, CISSP, CISA
> Sr. Systems Engineer
> Voice 708-336-9041
> Email nick.moore () sourcefire com
> IM    nickgmoore (Yahoo)
>        nickgmoore38 (AIM)
>
>     ,,_
>    o"  )~   Sourcefire - The Creators of Snort
>     ''''
>
> www.sourcefire.com         www.snort.org



------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users