Snort mailing list archives
Re:logging [was: ideal setup]
From: Keith Young <kyoung () v-one com>
Date: Wed, 07 Aug 2002 19:46:33 -0400
[Someone wrote to me in a private e-mail, but I thought I'd also send a copy to the list since this seems to be a FAQ].
(Anonymous Person) wrote:
Do you have syslog working to an external syslog server from snort? If so, what does the line in your snort.conf file look like? That is, if you don't mind helping out.
Actually, you should use syslog to handle this. I would recommend syslog-ng: http://www.balabit.hu/en/downloads/syslog-ng/

syslog-ng runs over TCP (which is usually easier to get through a firewall) instead of UDP and can run through an ssh/stunnel encrypted connection.
In the syslog-ng config file, point to the syslog server in the DMZ or to an aliased redirect interface on the firewall.
--Keith Young - kyoung () v-one com
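An added example, not part of the message above or of any project's shipped configuration: a minimal syslog-ng setup for the arrangement the message describes, with the sensor forwarding Snort alerts over TCP to a log server. The address 192.0.2.10, port 514, the file path, the `/dev/log` socket and all statement names (`s_local`, `f_snort`, `d_loghost`, `s_net`, `d_snort`) are assumptions to adapt.

```conf
# ---- Sensor side: syslog-ng.conf (constructed example) ----
# Snort hands alerts to the local syslog socket when snort.conf contains:
#   output alert_syslog: LOG_AUTH LOG_ALERT

source s_local {
    unix-stream("/dev/log");   # local syslog socket (assumed Linux path)
    internal();                # syslog-ng's own status messages
};

# Forward only messages whose program name is "snort".
filter f_snort { program("snort"); };

# TCP destination: the syslog server in the DMZ, or the redirect
# interface on the firewall. 192.0.2.10 is a placeholder address.
# To send through an ssh or stunnel tunnel instead, point this at the
# tunnel's local listening address and port.
destination d_loghost {
    tcp("192.0.2.10" port(514));
};

log { source(s_local); filter(f_snort); destination(d_loghost); };

# ---- Log server side: syslog-ng.conf (constructed example) ----
# Accept TCP connections and write what arrives to one file.
# Restrict which hosts can reach this port at the firewall.

source s_net {
    tcp(ip("0.0.0.0") port(514) max-connections(10));
};

destination d_snort {
    file("/var/log/snort-alerts.log");   # assumed path
};

log { source(s_net); destination(d_snort); };
```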