Snort mailing list archives
Re: Snort alerts to a remote syslog server
From: "Kurzawa, Kevin" <kkurzawa () co pinellas fl us>
Date: Thu, 19 Jun 2014 09:14:16 -0400
I currently use syslog-ng and send that info to a Splunk server. Little difference. I tell syslog on the Snort machine to watch the alerts file and send the info to an IP:port specification. Shazam. My additions to the syslog-ng.conf are as follows:

    # read Snort's alert file as a log source
    source s_ids { file("/var/log/snort/alerts"); };
    # forward over UDP to the Splunk host (port is a placeholder)
    destination d_splunk { udp("server-name" port(1bajillion)); };
    log { source(s_ids); destination(d_splunk); };
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
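As an added example (not code from Kevin's post or from the syslog-ng project), here is a small Python forwarder that does the same job as the file-to-UDP pipeline above without syslog-ng: it parses Snort "fast" alert lines, wraps each in an RFC 3164 syslog header whose severity is derived from the Snort priority, and sends it as one UDP datagram. The alert line layout, the sample lines, the sensor hostname, the local4 facility and the priority-to-severity mapping are all assumptions.

```python
import re
import socket
from datetime import datetime

# Snort "fast" alert layout assumed here (the post shows none):
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s*)?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

LOCAL4 = 20  # syslog facility chosen for the IDS feed (assumption)
# Snort priority 1 (high) .. 4 (very low) -> syslog severity crit, warning, notice, info
SEVERITY = {1: 2, 2: 4, 3: 5, 4: 6}

def parse_alert(line):
    """Return a dict of alert fields, or None for lines that are not alerts."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["prio"] = int(d["prio"]) if d["prio"] else 3  # default when Snort omits it
    return d

def to_syslog(alert, hostname="snort-sensor", year=2014):
    """Render one parsed alert as <PRI>TIMESTAMP HOST TAG: MSG (RFC 3164 style)."""
    pri = LOCAL4 * 8 + SEVERITY.get(alert["prio"], 5)
    # Snort's timestamp carries no year; supply one so the receiver can parse it.
    ts = datetime.strptime(f"{year}/{alert['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"  # RFC 3164 pads the day with a space
    body = (f"[{alert['gid']}:{alert['sid']}:{alert['rev']}] {alert['msg']} "
            f"[Classification: {alert['cls'] or 'none'}] [Priority: {alert['prio']}] "
            f"{{{alert['proto']}}} {alert['src']} -> {alert['dst']}")
    return f"<{pri}>{stamp} {hostname} snort: {body}"

def forward(lines, host, port):
    """Send each parseable line as a UDP datagram; returns how many were sent.
    UDP gives no delivery guarantee, so the count is what left this host, not what arrived."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            alert = parse_alert(line)
            if alert is None:
                continue  # skip blank lines and anything that is not a fast alert
            s.sendto(to_syslog(alert).encode("utf-8"), (host, port))
            sent += 1
    return sent
```

Feed it the lines of /var/log/snort/alerts (tailed or read once) and the receiver's host and port; non-alert lines are skipped rather than forwarded as noise.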
Current thread:
- Snort alerts to a remote syslog server Iliass Hakim (Jun 19)
- Re: Snort alerts to a remote syslog server Kurzawa, Kevin (Jun 19)
- Re: Snort alerts to a remote syslog server Iliass Hakim (Jun 19)
- Re: Snort alerts to a remote syslog server Stephen Gantz (Jun 19)
- Re: Snort alerts to a remote syslog server waldo kitty (Jun 19)
- Re: Snort alerts to a remote syslog server Kurzawa, Kevin (Jun 19)