Snort mailing list archives
Re: Is it possible to change the output format for the alert_syslog module?
From: Joel Esler <jesler () sourcefire com>
Date: Sun, 4 Aug 2013 10:22:01 -0700
Snort is open source, it sure is possible to change it.

--
Joel Esler
Sent from my iPad

On Aug 2, 2013, at 1:06 AM, Niels van Eijck <n.van.eijck () ncim nl> wrote:

> Thank you Waldo for your reply, but that is not exactly what I'm looking for, I do not want alert logging in two different places. I want to log the alert with Syslog, with the message as CSV format.
>
> For example, my Syslog log looks now something like this:
>
> <169>1 2013-08-02T12:34:56.000000Z host snort - - [1:111111:1] Test Alert {UDP} x.x.x.x:111 -> y.y.y.y:222
>
> But what I want is this:
>
> <169>1 2013-08-02T12:34:56.000000Z host snort - - 1,111111,1,"Test Alert",UDP,x.x.x.x,111,y.y.y.y,222
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
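The rewrite Niels describes, as an added example that is not part of this thread and not Snort's own code: instead of patching the alert_syslog output plugin, a small filter (the kind of thing a syslog relay or log shipper can run) rewrites each message body into the nine-column CSV layout he wants while leaving the syslog header untouched. It assumes Snort's documented alert_syslog body layout, `[gid:sid:rev] msg [Classification: ...] [Priority: n] {PROTO} src:port -> dst:port`, with Classification and Priority optional and ports absent for ICMP; it handles IPv4 only, and every sample line below is constructed.

```python
"""Rewrite Snort alert_syslog messages into CSV (added example, not Snort code).

The syslog header (PRI, version, timestamp, host, app name, ...) is kept
verbatim; only the alert body after it is rewritten. Lines that are not
alerts (start-up notices, statistics) are passed through unchanged rather
than dropped.
"""
import re

# Alert body as alert_syslog emits it, after the syslog header:
#   [gid:sid:rev] message [Classification: text] [Priority: n] {PROTO} src:sport -> dst:dport
# Classification/Priority are optional, ICMP alerts carry no ports.
# Assumption: IPv4 only. An IPv6 "addr:port" is ambiguous here, so such
# lines simply fail to match and are passed through unchanged.
_ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s*"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s*)?"
    r"(?:\[Priority:\s*(?P<priority>\d+)\]\s*)?"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line):
    """Return the alert fields plus the untouched syslog header, or None for a non-alert line."""
    m = _ALERT_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["header"] = line[: m.start()]  # everything before "[gid:sid:rev]", kept verbatim
    return fields


def _csv_quote(text):
    """RFC 4180 quoting for the free-text rule message: wrap in quotes, double embedded quotes.

    Without this, a rule message containing a comma would shift every later column.
    """
    return '"' + text.replace('"', '""') + '"'


def to_csv_line(line):
    """Rewrite one alert line to: header + gid,sid,rev,"msg",proto,src,sport,dst,dport."""
    f = parse_alert(line)
    if f is None:
        raise ValueError("not a Snort alert_syslog line: %r" % line)
    row = [
        f["gid"], f["sid"], f["rev"], _csv_quote(f["msg"]), f["proto"],
        f["src"], f["sport"] or "", f["dst"], f["dport"] or "",
    ]
    return f["header"] + ",".join(row)


def convert(lines):
    """Convert every alert line; anything else passes through unchanged (never drop a log line)."""
    out = []
    for line in lines:
        try:
            out.append(to_csv_line(line))
        except ValueError:
            out.append(line)
    return out


# Constructed sample input: RFC 5424 header as in the thread, RFC 5737 documentation addresses.
SAMPLE_LINES = [
    '<169>1 2013-08-02T12:34:56.000000Z host snort - - [1:111111:1] Test Alert {UDP} 192.0.2.1:111 -> 198.51.100.1:222',
    '<169>1 2013-08-02T12:34:57.000000Z host snort - - [1:222222:3] Quote "me" [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.2:80 -> 198.51.100.2:54321',
    '<169>1 2013-08-02T12:34:58.000000Z host snort - - [1:333333:2] ICMP echo request {ICMP} 192.0.2.3 -> 198.51.100.3',
    '<169>1 2013-08-02T12:34:59.000000Z host snort - - Snort initialization complete',
]

if __name__ == "__main__":
    for out in convert(SAMPLE_LINES):
        print(out)
```

Two things worth checking if you adopt this approach: Classification and Priority are parsed but not emitted, to match the nine columns requested in the thread, so add them to the row if your consumer needs them; and the message column is always quoted, since a rule message containing a comma or a double quote would otherwise corrupt the column layout of every downstream consumer.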
Current thread:
- Re: Is it possible to change the output format for the alert_syslog module? Niels van Eijck (Aug 02)
- Re: Is it possible to change the output format for the alert_syslog module? waldo kitty (Aug 02)
- Re: Is it possible to change the output format for the alert_syslog module? Joel Esler (Aug 04)