Snort mailing list archives

Re: Where to send logs

From: twig les <twigles () yahoo com>
Date: Thu, 6 Feb 2003 11:17:51 -0800 (PST)

Unfortunately we use a central syslog server right now.  I say unfortunately because it sucks
looking at hundreds of lines of syslog for snort, then hundreds of lines for Cisco logs, then the
Sun logs, then the ....  It is easy to grep though.

If you're interested in using a central database then I happen to know of a setup guide that
explains how to use stunnel to encrypt snort traffic to the mysql server, all running on freebsd. 
This guide is here: http://members.cox.net/tokashsecurity/

I hear that the author is quite debonair as well :)


--- spyguy <spyguy703 () earthlink net> wrote:

Hello.

I am building more Snort IDS's to cover our network.

However, logging in to each one and checking the alerts is very tedious.

What are some of you doing to centrally view all of your alerts?

Thanks in advance.







-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Where to send logs spyguy (Feb 06)
- Re: Where to send logs twig les (Feb 06)
- RE: Where to send logs David Scott (Feb 06)
- <Possible follow-ups>
- RE: Where to send logs L. Christopher Luther (Feb 06)