Snort mailing list archives

Re: snort syslog to siem


From: Y M <snort () outlook com>
Date: Thu, 28 Aug 2014 19:03:16 +0000

From: kinomakino () hotmail com
To: snort-users () lists sourceforge net
Date: Thu, 28 Aug 2014 20:47:34 +0200
Subject: [Snort-users] snort syslog to siem

Thanks for your help as always. 

I am configuring syslog for sending snort alerts to a SIEM (OSSIM).

I have this snort setup:

output alert_syslog: host=*********:514, LOG_AUTH LOG_ALERT
# Replace "*********" above with the remote syslog server that is to receive the logs. The remote syslog server needs to be configured to receive those logs. If you use Barnyard2, let it handle sending the logs instead of Snort.



This way I export the logs to the local syslog, to /var/log/messages.

Any idea how to properly configure the sending of syslog from snort to rsyslog on other systems?




Thank you !!!

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!                                        
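
An added example, not part of either poster's message: one way to pass on the alerts that Snort writes to the local syslog with LOG_AUTH LOG_ALERT, letting rsyslog on the sensor forward them and rsyslog on the collector receive them. The collector address 192.0.2.10, the file names, the log path and the use of UDP are assumptions for illustration; the syntax is rsyslog RainerScript (v7 or later).

```conf
# --- Sensor: snort.conf ---
# Assumption: Snort logs to the local syslog daemon (facility auth,
# priority alert) and rsyslog does the forwarding, so no host= option here.
output alert_syslog: LOG_AUTH LOG_ALERT

# --- Sensor: /etc/rsyslog.d/60-snort-forward.conf (hypothetical file name) ---
# Forward only Snort's messages, not every auth message on the host.
# Assumption: Snort's syslog tag is "snort".
if $programname == 'snort' and $syslogfacility-text == 'auth' then {
    action(type="omfwd" target="192.0.2.10" port="514" protocol="udp")
}

# --- Collector: /etc/rsyslog.d/10-snort-listen.conf (hypothetical file name) ---
# Listen for remote syslog on UDP 514; allow this port through the
# collector's firewall from the sensor's address only.
module(load="imudp")
input(type="imudp" port="514")

# Keep the sensor's alerts in their own file (path is an assumption) so the
# SIEM can read them separately from the collector's own messages.
if $programname == 'snort' then {
    action(type="omfile" file="/var/log/snort-remote.log")
    stop
}
```

After restarting rsyslog on both hosts, `logger -t snort -p auth.alert "forwarding test"` on the sensor should produce a line in the collector's file.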
  