Snort mailing list archives

Re: How to best do DB *and* syslog logging?


From: Miguel Alvarez <miguellvrz9 () gmail com>
Date: Thu, 1 Dec 2011 08:32:28 +0100

On Wed, Nov 30, 2011 at 8:03 PM, beenph <beenph () gmail com> wrote:
> On Wed, Nov 30, 2011 at 11:45 AM, Miguel Alvarez <miguellvrz9 () gmail com> wrote:
>> Right now, I'm logging my snort alerts back to a syslog server but I'd
>> like to start playing with Snorby.  Please correct me if I'm wrong but
>> I think the ideal way to do this would be to log via unified2 and use
>> barnyard to send the alert data to snorby's DB but I can't lose my
>> syslog functionality.  I really wish barnyard was able to do this on
>> non-Windows boxes!  But what would be the best way to achieve this
>> short of running two separate snort instances?
>
> If you need local syslog and to forward it, barnyard2 currently supports
> this on Windows and non-Windows systems.
>
> If you need remote syslog logging
>
> You can access the feature in its current branch via
>
> https://github.com/binf/barnyard2/tree/RemoteSyslogFix

I didn't realize this.  Actually, I just checked that repository out
and see this on lines 180-181 of
https://github.com/binf/barnyard2/blob/RemoteSyslogFix/etc/barnyard2.conf:

#   host                - specify a remote hostname or IP with optional port number
#                         this is only specific to WIN32 (and is not yet fully supported)

I read the last line to mean that remote syslogging was only available
for Win32.  But I'm glad to hear that's not the case!

And thank you to everyone else for their suggestions as well -- I'll
be playing with Snorby, Sagan and ELSA soon!
