Snort mailing list archives

Re: Send snort alerts via syslog to ArcSight


From: beenph <beenph () gmail com>
Date: Thu, 27 Sep 2012 16:54:27 -0400

On Thu, Sep 27, 2012 at 4:36 PM, Pablo Atiaga
<pablo.atiaga () e-govsolutions net> wrote:
> Hi everyone.
>
> I need to send Snort alerts to ArcSight via syslog. I found a
> configuration that just changes one line in snort.conf, but it doesn't
> work. I already tried sending events with another application and with
> barnyard and that works, but I need to send from Snort directly because that's
> the only way to send all the parameters correctly. I'm using Snort 2.9.3.1.

All parameters?
I am interested to see which parameters are missing in the barnyard2
v2-1.10 syslog_full output module.

-elz
