Snort mailing list archives

Re: Best practice for logging alerts to syslog


From: Jason Haar <Jason_Haar () trimble com>
Date: Tue, 18 Dec 2012 16:41:31 +1300

On 18/12/12 04:03, Joel Esler wrote:

> I'd personally prefer to have Snort output to unified2 and have
> barnyard2 deal with it.
>
> Allows for much more than just syslog in that case. You know, in case
> Snort dies or something, at least the logs are there for backup.


?? If snort was set to generate syslogs and it died - you wouldn't lose
any events as they would have already been sent to syslog... :-)

I'd go with the contrary view: if all you want are syslog events, then
reduce complexity and drop barnyard and stick to snort. Sometimes less
is more...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
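
The two setups compared in this thread, sketched as configuration. This is an added example, not part of either poster's message; the syslog facility/priority, spool file name, size limit and paths are assumed values.

```conf
# --- Option A: Snort sends alerts straight to syslog -------------------
# snort.conf
# Each alert is handed to the local syslog daemon as it fires, so it has
# already left the Snort process if Snort later dies.
output alert_syslog: LOG_AUTH LOG_ALERT

# --- Option B: Snort writes unified2, barnyard2 forwards to syslog -----
# snort.conf
# Binary spool on disk; "limit" is the per-file size in MB (assumed value).
output unified2: filename snort.u2, limit 128

# barnyard2.conf
# barnyard2 reads the spool and emits syslog; other output plugins can be
# added here later without touching snort.conf.
output alert_syslog: LOG_AUTH LOG_ALERT

# barnyard2 invocation (placeholder paths). The waldo file records the
# read position in the spool, so a restarted barnyard2 resumes from the
# last processed event instead of replaying or skipping alerts:
#   barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort \
#             -f snort.u2 -w /var/log/snort/barnyard2.waldo
```

With Option A the only moving part is Snort plus the syslog daemon; with Option B there is a second process and a spool directory to monitor, in exchange for an on-disk copy of events and more output choices.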

