Re: Syslog Help

[Peter Bates <peter.bates () ucl ac uk>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 18/03/2013 12:20, Kevin Ross wrote:
> I usually use unified 2 to barnyard which sends logs into mysql. Now I have
> the need to send Syslog into another log collector. I haven't used syslog
> for snort output in a while but I have never had these issues before.

We're sending syslog from Barnyard2 rather than Snort directly, with:

output alert_syslog: LOG_LOCAL1

- - i.e. local1 as the facility.

I think we went this way after seeing weird results
from using the syslog output plugin directly in Snort itself.

- -- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division         Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJRRwoSAAoJELhVoVpEMS6RLxsH/jbvK+qneTYnbk50youQ5oP8
z4gkXO+8Fl1awBSGOxIQzjWURg2swiGiOYvT3mSN0ZIaw434m814bGxFlEEjDxO/
G5mYyHY+9OEU0sBTaIonvrrEINiJx8VeF5TWoS+FDXheudsGhMSb1lN9pK7FsxFI
1vSIe1NyvMtp6HHOIGgk1fKepBnEiUBs/W0LqkHTBC7Hq4nAMmHQJemHZM7ccznP
1wY1e2hlOqGau1IUlrYsGGMetFa6iDXtMnv6xfWZHtvPPskL5Va+vf747fg68H6g
FveaA9Btdv7333C9eaDYl9BzKdiwSBieijaSOCPa7G1TyStk6B2D3sNJcpzMS+M=
=5yZN
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!