Snort mailing list archives
Syslog Help
From: Kevin Ross <kevross33 () googlemail com>
Date: Mon, 18 Mar 2013 12:20:50 +0000
Hi,

I usually use unified 2 to barnyard which sends logs into mysql. Now I have the need to send Syslog into another log collector. I haven't used syslog for snort output in a while but I have never had these issues before. I have configured the syslog output in multiple ways and even though alerts are processed and sent into mysql database it never generates syslog alerts. I have captured traffic with tcpdump from the box and nothing is sent. Does anyone have any ideas what is needed? I just need it to send generic syslog (and I have checked the usual: network connectivity, the collector is there, firewalls not in the way, etc). Strange thing is when run in continuous mode it says it is using syslog and has the IP, port, mode etc.

Thanks for any help,
Kevin

output alert_syslog_full: sensor_name NAME, server 10.X.X.X.X, protocol udp, port 514, operation_mode default
(tried complete and other options too)

# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.4.1 GRE (Build 69)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 8.12 2011-01-15
           Using ZLIB version: 1.2.5

# barnyard2 -V

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.12 (Build 321)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2013 Ian Firns <firnsy () securixlive com>

# ps aux | grep barn
root 18725 77.4 3.6 91792 73064 ? Rs 12:11 2:29 /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort/ -f snort.u2 -w /var/log/snort/bylog.waldo -D

# ps aux | grep snort
snort 18698 73.3 16.1 745592 325160 ? Rsl 12:11 2:53 /usr/local/bin/snort -D -i em1 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort/