Snort mailing list archives

Re: Snort+ and logging


From: Meridoff via Snort-users <snort-users () lists snort org>
Date: Thu, 20 Sep 2018 23:55:37 +0300

Thu, 20 Sep 2018 at 19:48, Andy Swartzbaugh <andy.swartzbaugh () gmail com>:

1)  My understanding is that Barnyard was a remedy to cope with Snort2's
single-processor (i.e., not multi-processing) design and that Snort3 should
be able to handle logging without needing another process to handle the
logging.


It is true. But Barnyard2 is able to send alerts to a DB or remote syslog - it
is useful. Snort3 now doesn't support it.

2) from
www.snort.org/downloads/snortplus/snort_manual.html#_sniffing_and_logging
:

snort --pcap-dir /path/to/pcap/dir --pcap-filter '*.pcap' -L dump -l
/path/to/log/dir

from www.snort.org/downloads/snortplus/snort_manual.html#_alert_syslog :

This must be done in snort.lua as opposed to the command line:

alert_syslog =
{
        -- values are Lua strings; unquoted local3/info would be undefined globals (nil)
        facility = 'local3',
        level = 'info',
}

It is true for alerts. But I've asked about the snort process (daemon) log.
Nevertheless - thank you for the info, it is useful.


If you wanted to send the logs to another server, that would be handled
within rsyslogd (I use Ubuntu).  Create a file named
"/etc/rsyslog.d/10-snort.conf" (the lower the number, the higher the
priority) and put the following line in it:

local3.* @loghost





On Thu, Sep 20, 2018 at 8:52 AM Meridoff via Snort-users <
snort-users () lists snort org> wrote:

Hello, I've heard that barnyard2 is out of date for snort3.
Though it can be used.

1. What are the alternative (to barnyard2) ways for logging snort3 alerts
to remote databases or remote syslog etc.? Maybe it will be included in the
snort3 project in future?

2. Small question - snort3 itself writes its own log to syslog (-M
option). What are the ways to specify internal daemon logging methods:
to file or syslog LEVEL or something other? I found nothing concerning this in
the config.

Thanks for the response
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

Please follow these rules:
https://snort.org/faq/what-is-the-mailing-list-etiquette


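As an added example (not from the thread or the Snort project), one way to consume alert_syslog output at the loghost without barnyard2: parse the forwarded lines into records and load them into a database. The alert message layout is assumed here, modelled on Snort's classic "[gid:sid:rev] msg [Classification: ...] [Priority: n] {proto} src -> dst" form, and the log lines are constructed.

```python
import re
import sqlite3
from typing import Optional

# Constructed sample lines as rsyslog would write them after "local3.* @loghost"
# forwarding; the third is a daemon message, not an alert, and must be skipped.
SAMPLE_LINES = [
    'Sep 20 23:55:37 sensor1 snort[1234]: [1:1000001:1] "TEST policy violation" '
    '[Classification: Policy Violation] [Priority: 1] {TCP} 192.0.2.10:51234 -> 198.51.100.5:443',
    'Sep 20 23:55:38 sensor1 snort[1234]: [1:2000002:3] "TEST icmp ping" '
    '[Priority: 3] {ICMP} 192.0.2.11 -> 198.51.100.6',
    'Sep 20 23:55:39 sensor1 snort[1234]: Initializing rule chains...',
]

# Assumed alert layout; Classification and ports are optional (ICMP has no ports).
ALERT_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) snort\[(?P<pid>\d+)\]: '
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "?(?P<msg>.*?)"? '
    r'(?:\[Classification: (?P<cls>[^\]]+)\] )?'
    r'\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} '
    r'(?P<src>[\w.:]+?)(?::(?P<sport>\d+))? -> (?P<dst>[\w.:]+?)(?::(?P<dport>\d+))?$'
)

def parse_alert(line: str) -> Optional[dict]:
    """Return a structured record for a Snort alert line, or None for non-alert lines."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        'ts': d['ts'], 'sensor': d['host'],
        'gid': int(d['gid']), 'sid': int(d['sid']), 'rev': int(d['rev']),
        'msg': d['msg'], 'classification': d['cls'], 'priority': int(d['prio']),
        'proto': d['proto'],
        'src': d['src'], 'sport': int(d['sport']) if d['sport'] else None,
        'dst': d['dst'], 'dport': int(d['dport']) if d['dport'] else None,
    }

def parse_many(lines) -> list:
    """Parse a batch of syslog lines, dropping everything that is not an alert."""
    return [r for r in (parse_alert(ln) for ln in lines) if r is not None]

def store(records, conn=None) -> int:
    """Insert parsed alerts into a table (in-memory SQLite here; any DB-API target works)
    and return the row count. Column order matches the dict key order above."""
    conn = conn or sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE IF NOT EXISTS alerts (ts TEXT, sensor TEXT, gid INT, sid INT, '
                 'rev INT, msg TEXT, classification TEXT, priority INT, proto TEXT, '
                 'src TEXT, sport INT, dst TEXT, dport INT)')
    conn.executemany('INSERT INTO alerts VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)',
                     [tuple(r.values()) for r in records])
    conn.commit()
    return conn.execute('SELECT COUNT(*) FROM alerts').fetchone()[0]
```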
