Snort mailing list archives
RE: Windows Event Log & alert.ids
From: "grant" <grant () macaulayconsultants co uk>
Date: Fri, 17 Oct 2003 00:10:19 +0100
When I use the -E option it overrides any output options.

Thanks
Grant

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Scot Scot
Sent: 16 October 2003 22:36
To: grant; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Windows Event Log & alert.ids

----- Original Message -----
From: "grant" <grant () macaulayconsultants co uk>
To: <snort-users () lists sourceforge net>
Sent: Thursday, October 16, 2003 7:45 AM
Subject: [Snort-users] Windows Event Log & alert.ids

Does anybody know if it is possible to run the -E option to write events and log as normal to the alert.ids file? This will allow me to alert through BMC patrol and also provide reports and invasion response via snortsnarf.

Thanks
Grant

<snip>

Try this:
Place either of these lines in the snort.conf file under your output plugins configuration. You may want to use alert_fast for snortsnarf & ACID stuff.

output alert_full: alert.ids
output alert_fast: alert.ids

Scot Wiedenfeld
Just my 2.0134 cents worth (tax included)