Snort mailing list archives

AW: AW: Syslog,MySql, IDS Center /Eagle X


From: "Freddie Soerensen" <freddie.soerensen () conares com>
Date: Tue, 20 May 2003 19:38:22 +0200

Patrick

I didn't mean SnortCenter, but IDSCenter

Freddie

-----Original Message-----
From: Patrick S. Harper [mailto:lists () internetsecurityguru com]
Sent: Tuesday, 20 May 2003 15:16
To: Freddie Soerensen
Subject: Re: AW: [Snort-users] Syslog,MySql, IDS Center /Eagle X


http://users.pandora.be/larc/

Have you looked on the website?


On Mon, 2003-05-19 at 23:27, Freddie Soerensen wrote:
Ueli

Does the present version of IDSCenter work with Snort 2.0 ?

Freddie


-----Original Message-----
From: Ueli Kistler [mailto:iuk () gmx ch]
Sent: Monday, 19 May 2003 19:26
To: McBurnett, Jim
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Syslog,MySql, IDS Center /Eagle X


Hello

McBurnett, Jim wrote:

.. <snip>

I tried to add Syslog to it and Bingo-- It crashes every time it sends
a message..
I tried to send to an external syslog.. no go. I tried an on Machine
Syslog.
No go.. System has 3 NICS, and I am using the 2nd NIC.


Snort 2.0:
add a syslog output plugin in the output plugin wizard.. then click on
apply. Now go to "IDS rules" again, where the Snort configuration editor
is (Snort.conf).. scroll down until you find "output syslog: .."

now change it to something like this:
     *   output alert_syslog: LOG_AUTH LOG_ALERT
     *   output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
     *   output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT

- Save
- Click on "Apply"

(note from Chris Reid:
For Win32, the remote host/port information has been moved into the
snort.conf file.  See the "alert_syslog" option in snort.conf.  The
reason for this was to make the command line options more compatible
with the *nix version of snort.)

Regards,
    Ueli Kistler
    eclipse () engagesecurity com
    www.engagesecurity.com

--






-------------------------------------------------------
This SF.net email is sponsored by: If flattening out C++ or Java 
code to make your application fit in a relational database is 
painful, don't do it! Check out ObjectStore. Now part of Progress 
Software. http://www.objectstore.net/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
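
Added example, not part of the original thread and not code from Snort or IDScenter: a small Python check that scans a snort.conf for the syslog output lines discussed above, flags the `output syslog:` form the post says to change, and extracts host and port from the `alert_syslog` forms. The keyword sets and the default port 514 follow the Snort manual's alert_syslog description and are assumptions about your build; `check_syslog_outputs` and `loghost.example` are hypothetical names.

```python
import re

# Keyword sets per the Snort manual's alert_syslog section (assumed to match your build).
FACILITIES = {"LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER"} | {f"LOG_LOCAL{i}" for i in range(8)}
PRIORITIES = {"LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
              "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"}
OPTIONS = {"LOG_CONS", "LOG_NDELAY", "LOG_PERROR", "LOG_PID"}
DEFAULT_PORT = 514  # standard syslog UDP port, used when host= carries no :port

OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*(.*)$")
HOST_RE = re.compile(r"^host=([^,:\s]+)(?::(\d+))?\s*,\s*(.*)$")

def check_syslog_outputs(conf_text):
    """Return (parsed, problems) for every syslog-related output line."""
    parsed, problems = [], []
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = OUTPUT_RE.match(line.split("#", 1)[0])  # ignore trailing comments
        if not m or "syslog" not in m.group(1):
            continue
        plugin, args = m.group(1), m.group(2).strip()
        if plugin != "alert_syslog":
            problems.append((n, f"'{plugin}' should be 'alert_syslog'"))
            continue
        host = port = None
        h = HOST_RE.match(args)
        if h:
            host, port, args = h.group(1), int(h.group(2) or DEFAULT_PORT), h.group(3)
        elif args.startswith("host="):
            problems.append((n, "malformed host= argument"))
            continue
        words = args.split()
        unknown = [w for w in words if w not in FACILITIES | PRIORITIES | OPTIONS]
        if unknown:
            problems.append((n, "unknown keyword(s): " + " ".join(unknown)))
        if port is not None and not 0 < port < 65536:
            problems.append((n, f"port {port} out of range"))
        parsed.append({"line": n, "host": host, "port": port,
                       "facility": [w for w in words if w in FACILITIES],
                       "priority": [w for w in words if w in PRIORITIES]})
    return parsed, problems

# Constructed sample: the line the post says to look for, then its three suggested forms.
SAMPLE = """\
output syslog: LOG_AUTH LOG_ALERT
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_syslog: host=loghost.example, LOG_AUTH LOG_ALERT
output alert_syslog: host=loghost.example:5140, LOG_AUTH LOG_ALERT
"""
```

Running `check_syslog_outputs` on the saved snort.conf after clicking "Apply" shows whether the edited line survived and which host and port alerts will be sent to.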




