Snort mailing list archives
Best practice for logging alerts to syslog
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Sat, 15 Dec 2012 22:11:41 -0500
Hello,

Wanted to ask a question regarding what is best practice for snort to log alerts to syslog -- is it the better practice to have snort itself, via snort.conf, handle this, or should barnyard2 be installed, snort configured to log to unified2, and barnyard2 handle logging to syslog?

I'm asking because the next thing I'd like to do for autosnort is offer a configuration option to log to syslog (for SIEM integration to something like splunk, graylog2, etc.) if the user wasn't interested in a web front-end, and wanted to know what the accepted/best practice was here.

Thanks in Advance,
DA

--
when does reality end? when does fantasy begin?
Current thread:
- Best practice for logging alerts to syslog Tony Robinson (Dec 15)
- Re: Best practice for logging alerts to syslog Joel Esler (Dec 17)
- Re: Best practice for logging alerts to syslog Tony Robinson (Dec 17)
- Re: Best practice for logging alerts to syslog Jason Haar (Dec 17)
- Re: Best practice for logging alerts to syslog Joel Esler (Dec 17)