Snort mailing list archives

Re: snort syslog output support


From: James Lay <digitalx00 () gmail com>
Date: Fri, 14 Sep 2012 04:57:21 -0600


On Sep 14, 2012, at 12:22 AM, Randal T. Rioux <randy () procyonlabs com> wrote:

On 5/30/2012 8:33 AM, James Lay wrote:
On May 30, 2012, at 5:51 AM, Kungu Panda wrote:
I need to send snort syslog alerts to our central syslog system.  I
thought I read in a previous posting that snort syslog output was
going away.  Is this still true, has it happened?

What would be the best way to perform this? Any
recommendations/ideas would be helpful.

Thanks! KPanda


I certainly hope not… having IDS go to syslog is a PCI requirement
(Section 10 of PCI DSS 2.0).  Not having this would be bad.

Hey kids. I'm back. Catching up on email lists - I'm up to May. Been a
little... distracted.

Is the language verbatim that "syslog" must send the alerts, or that
they just need to be collected and stored? For example, Ci$co uses SDEE,
but I've never seen that fail a PCI audit.

I'd look it up myself, but my dog just farted on me and I need to get
away fast.

Randy



Negative.  PCI DSS 2.0 requires a "central logging server".  How you log and store is up to you.

James