Snort mailing list archives
same tcpdump.log to remote log server instead of local sensor
From: "samwun" <samwun () hgcbroadband com>
Date: Wed, 28 Jan 2004 13:14:32 +0800
Dear all,

The snort sensor saves tcpdump.log files to the local sensor directory. As the tcpdump.log files that are generated by snort contain payload information for in-depth analysis, it is best for snort to generate these tcpdump.log files on a remote syslog server in near real-time mode.

Does anyone know how to generate these tcpdump.log files from snort on a remote server in near real-time mode? Using scp to periodically copy them to the remote host is not what I wanted because it is not in near real-time mode.

Thanks
Sam