Snort mailing list archives
Re: Best practice for logging alerts to syslog
From: Jason Haar <Jason_Haar () trimble com>
Date: Tue, 18 Dec 2012 16:41:31 +1300
On 18/12/12 04:03, Joel Esler wrote:
> I'd personally prefer to have Snort output to unified2 and have barnyard2 deal with it. Allows for much more than just syslog in that case. You know, in case Snort dies or something, at least the logs are there for backup.
?? If snort was set to generate syslogs and it died - you wouldn't lose any events as they would have already been sent to syslog... :-)

I'd go with the contrary view: if all you want are syslog events, then reduce complexity and drop barnyard and stick to snort. Sometimes less is more...

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Best practice for logging alerts to syslog Tony Robinson (Dec 15)
- Re: Best practice for logging alerts to syslog Joel Esler (Dec 17)
- Re: Best practice for logging alerts to syslog Tony Robinson (Dec 17)
- Re: Best practice for logging alerts to syslog Jason Haar (Dec 17)
- Re: Best practice for logging alerts to syslog Joel Esler (Dec 17)