Snort mailing list archives

Best practice for logging alerts to syslog


From: Tony Robinson <deusexmachina667 () gmail com>
Date: Sat, 15 Dec 2012 22:11:41 -0500

Hello,

Wanted to ask a question regarding what is best practice for Snort to log
alerts to syslog -- is it the better practice to have Snort itself handle
this via snort.conf, or should barnyard2 be installed, Snort configured
to log to unified2, and barnyard2 handle logging to syslog? I'm asking
because the next thing I'd like to do for autosnort is offer a
configuration option to log to syslog (for SIEM integration to something
like Splunk, graylog2, etc.) if the user wasn't interested in a web
front-end, and I wanted to know what the accepted/best practice was here.

Thanks in Advance,

DA

-- 
when does reality end? when does fantasy begin?