Snort mailing list archives
RE: Snort Syslog Alerts on Win32
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Sat, 4 Jan 2003 16:59:41 -0500
Unfortunately, using the command line parameter for syslog is not an option, exactly because I don't want to clobber the other output plug-ins in the snort.conf file. And it probably will not work anyway under Win32 (see the post/rant I just sent to the list). It appears that "syslog" under Win32 really means "Event Log", which just will not do.

Presuming that Snort under Win32 will some day really support syslog output, hopefully then there will also be a "host=" and "port=" option for the alert_syslog plug-in.

Regards...

-----Original Message-----
From: Don Weber [mailto:Don () WeberOnTheWeb com]
Sent: Saturday, January 04, 2003 12:08 AM
To: L. Christopher Luther; bmcdowell () coxhealthplans com
Cc: Snort-Users (E-mail)
Subject: RE: [Snort-users] Snort Syslog Alerts on Win32
Sensitivity: Confidential

You can, just do it on the command line, which also trumps anything in your config file tho. Just do this, along with the rest of your options for snort.conf and log dir and such. For some reason I always need to add the port on it as well. All of my sensors go to a remote syslog server or two. Just use your regular snort command line and add -s ip.add.re.ss:port at the end:

snort -s host.ip.add.ress:514

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of L. Christopher Luther
Sent: Friday, January 03, 2003 3:29 PM
To: 'bmcdowell () coxhealthplans com'
Cc: Snort-Users (E-mail)[Don Weber]
Subject: RE: [Snort-users] Snort Syslog Alerts on Win32
Sensitivity: Confidential

Unfortunately, there is no syslog daemon on the WinNT4 Snort box -- only on the other server. :{ I was hoping that like Cisco and other network devices I could direct the syslog messages from Snort to another server.

Christopher

-----Original Message-----
From: Bob McDowell [mailto:bmcdowell () coxhealthplans com]
Sent: Friday, January 03, 2003 6:27 PM
To: 'L. Christopher Luther'
Subject: RE: [Snort-users] Snort Syslog Alerts on Win32
Sensitivity: Confidential

I think you'd need to do this in your syslog daemon. You can make it easy on yourself by making snort log to 'Local1' if you'd like.

-----Original Message-----
From: L. Christopher Luther [mailto:cluther () xybernaut com]
Sent: Friday, January 03, 2003 5:02 PM
To: Snort-Users (E-mail)
Subject: [Snort-users] Snort Syslog Alerts on Win32
Sensitivity: Confidential

I would like to configure Snort (version 1.8.6 running on a WinNT4 box) to send Snort alerts to a syslog server on another WinNT4 box. The "output alert_syslog" is pretty straightforward, except I am not sure how to direct this output to another host. The docs I have do not specify any "host=" option.

Sincerely,

L. Christopher Luther
Technical Consultant
Xybernaut Solutions, Inc.
(703) 654-3642
cluther () xybernaut com
http://www.xybernautsolutions.com
My PGP Public Key: http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88
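An added illustration, not part of the thread and not Snort's or any syslog daemon's code: how a receiving syslog server can separate Snort alerts sent to the Local1 facility, as suggested in the thread, by decoding the PRI field at the start of each UDP datagram. It assumes Snort logs to Local1 at alert severity; the function names and sample datagrams are constructed for this example.

```python
import re

# Syslog facility/severity codes (RFC 3164). PRI = facility * 8 + severity.
FACILITIES = {"auth": 4, "local0": 16, "local1": 17}
SEVERITIES = {0: "emerg", 1: "alert", 2: "crit", 3: "err",
              4: "warning", 5: "notice", 6: "info", 7: "debug"}
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram: bytes):
    """Return (facility, severity, message) or None if the PRI is malformed."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    facility, severity = divmod(pri, 8)
    text = datagram[m.end():].decode("utf-8", errors="replace").strip()
    return facility, severity, text


def route(datagrams, facility_name="local1"):
    """Split datagrams into (snort_alerts, everything_else) by facility."""
    wanted = FACILITIES[facility_name]
    alerts, other = [], []
    for d in datagrams:
        decoded = decode_pri(d)
        if decoded and decoded[0] == wanted:
            alerts.append((SEVERITIES[decoded[1]], decoded[2]))
        else:
            other.append(d)  # wrong facility or malformed PRI
    return alerts, other


# Constructed sample datagrams (documentation addresses, made-up rule id).
SAMPLES = [
    b"<137>snort: [1:1000001:1] Constructed test alert {TCP} 192.0.2.10:1025 -> 192.0.2.20:80",
    b"<38>sshd[412]: Accepted password for operator from 192.0.2.30",
    b"snort: no PRI field at all",
    b"<999>snort: PRI out of range",
]

if __name__ == "__main__":
    alerts, other = route(SAMPLES)
    for severity, text in alerts:
        print(f"[{severity}] {text}")
    print(f"{len(other)} datagram(s) not from local1")
```

Routing on facility alone trusts whatever the sender puts in the PRI field, so on a shared collector it is worth also restricting by the sensor's source address.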