Snort mailing list archives

Re: Snort alerts to a remote syslog server


From: Iliass Hakim <iliass61 () hotmail com>
Date: Thu, 19 Jun 2014 13:56:51 +0000

Thanks,
but I have my syslog server configured.
My rsyslog.conf file:

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 1514

############################### GLOBAL DIRECTIVES ###############################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction off

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf


and in my snort.conf file I have added:
output alert_syslog: host=@ syslog server:514, LOG_AUTH LOG_ALERT

but it's not working


Regards
---------------------------------------------------------
HAKIM Iliass 

Network & Telecommunications Engineer

Université Bretagne Occidentale 

+33 6 40 24 39 16



Please consider the environment before printing this message.
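As an added illustration (not code from either post) of what the "LOG_AUTH LOG_ALERT" setting in snort.conf puts on the wire, and of the alerts-file-watching approach in the syslog-ng reply quoted below: a Python script that parses Snort alert_fast lines, builds the RFC 3164 datagram with PRI 33 (facility 4 * 8 + severity 1), and forwards it over UDP to a syslog server. The sample alert lines, rule sids, hostname and destination are constructed, and the script is an assumed stand-in for Snort's own output plugin, useful for checking that the rsyslog listener above actually receives something.

```python
import re
import socket

# Facility and severity numbers behind "LOG_AUTH LOG_ALERT" in snort.conf
LOG_AUTH = 4
LOG_ALERT = 1

# Constructed Snort alert_fast lines (the format syslog-ng would read from the alerts file)
SAMPLE_ALERTS = (
    "06/19-13:56:51.123456  [**] [1:1000001:1] LOCAL test rule match [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.5:51234\n"
    "06/19-13:57:02.000001  [**] [1:1000002:1] LOCAL ICMP echo seen [**] "
    "[Priority: 3] {ICMP} 192.0.2.7 -> 198.51.100.5\n"
)

FAST_RE = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid_sid_rev>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

def syslog_pri(facility, severity):
    """RFC 3164 PRI value: facility * 8 + severity (LOG_AUTH, LOG_ALERT -> 33)."""
    return facility * 8 + severity

def parse_fast_alert(line):
    """Return the fields of one alert_fast line as a dict, or None if it does not match."""
    m = FAST_RE.match(line.strip())
    return m.groupdict() if m else None

def to_syslog(alert, hostname="snort-sensor", facility=LOG_AUTH, severity=LOG_ALERT):
    """Build the RFC 3164 datagram for one parsed alert (hostname is an assumed sensor name)."""
    stamp = f"{MONTHS[int(alert['mon']) - 1]} {int(alert['day']):2d} {alert['time']}"  # day space-padded
    cls = f" [Classification: {alert['cls']}]" if alert["cls"] else ""
    body = (f"[{alert['gid_sid_rev']}] {alert['msg']}{cls} [Priority: {alert['prio']}] "
            f"{{{alert['proto']}}} {alert['src']} -> {alert['dst']}")
    return f"<{syslog_pri(facility, severity)}>{stamp} {hostname} snort: {body}"

def forward_alerts(text, host, port):
    """Send every parsable line of text as a UDP syslog datagram; return the messages sent."""
    sent = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for alert in filter(None, map(parse_fast_alert, text.splitlines())):
            msg = to_syslog(alert)            # non-alert lines parse to None and are skipped
            sock.sendto(msg.encode(), (host, port))
            sent.append(msg)
    return sent
```

Point forward_alerts at the rsyslog host's UDP port 514 (the listener configured above) and watch its log for the "snort:" lines to confirm the path works independently of Snort.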


From: kkurzawa () co pinellas fl us
To: snort-users () lists sourceforge net
Date: Thu, 19 Jun 2014 09:14:16 -0400
Subject: Re: [Snort-users] Snort alerts to a remote syslog server

I currently use syslog-ng and send that info to a splunk server. Little difference. I tell syslog on the snort machine
to watch the alerts file and send the info to an IP:port specification. Shazam. My additions to the syslog-ng.conf are
as follows:

source s_ids {
    file("/var/log/snort/alerts");
};
destination d_splunk {
    udp("server-name" port(1bajillion));
};
log {
    source(s_ids);
    destination(d_splunk);
};
------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!                                        