Snort mailing list archives
Re: snort logging both to syslog and unified2
From: "Tudor Panaitescu" <TPanaitescu () colorcon com>
Date: Wed, 19 Jan 2011 22:58:10 -0500
Thanks! If you need any help w/ testing etc. let me know

Thanks,
T

From: "Randal T. Rioux" <randy () procyonlabs com>
To: snort-users () lists sourceforge net
Date: 01/19/2011 09:34 PM
Subject: Re: [Snort-users] snort logging both to syslog and unified2

On 1/19/2011 7:47 PM, Tudor Panaitescu wrote:

> Hi
> Thanks for the reply but snort actually logs to 2 different sources right now in my environment, syslog and unified. My plan was to log only to unified2 but unfortunately it seems like barnyard2 1.9 (latest AFAIK) does not work w/ syslog, tried it a few good times w/o any result. And, of course, using unified2 implies getting rid of the -A fast in the command.

There are issues with syslog, CEF and PostgreSQL outputs right now. Being worked on :-)

Randy

--
Disclaimer: By sending an email to ANY of my addresses you are agreeing that:
1. I am, by definition, "the intended recipient"
2. All information in the email is mine to do with as I see fit
3. I will take the contents as representing the views of your company
4. If your email is an "Out of Office" reply on a mailing list, I will social engineer your company
5. This notification overrides any disclaimer or statement of confidentiality that may be included on your message

Further, you understand that if any of the following conditions are met that you are indeed, a bag of douche:
1. Your message identifies the device you sent it from
2. You messed up the thread by top-posting

------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

----------------------
Colorcon - Your Formulation Partner
Visit us at http://www.colorcon.com
Colorcon is committed to energy conservation and to the reduction of waste. Please consider the environment before you print this e-mail.
"This e-mail may contain information that is confidential or privileged. If you are not the intended recipient, do not use, print or distribute this e-mail or any attachments. Please notify the sender and delete the e-mail and any attachments. Thank you."