Snort mailing list archives
Re: Snort alerts to a remote syslog server
From: Stephen Gantz <stephen.gantz () faculty umuc edu>
Date: Thu, 19 Jun 2014 09:29:50 -0400
To get Snort to direct output to the syslog server, open the snort.conf file and edit the output plugin configuration for syslog in Step #6. By default it reads:

    output alert_syslog: host=127.0.0.1:514, LOG_AUTH LOG_ALERT

You just need to replace the localhost IP address with the address of your syslog server (and change the port if you aren't using the default 514).

I find when I run Snort with syslog that even with the snort.conf options configured correctly, I still have to add -s to my startup command to get the output to syslog properly. That's not the way the documentation says it works, but it has been my personal experience.

Dr. Stephen D. Gantz
CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO
Associate Professor of Information Assurance
The Graduate School
University of Maryland University College
stephen.gantz () faculty umuc edu
On Jun 19, 2014, at 7:27 AM, Iliass Hakim <iliass61 () hotmail com> wrote:

Hi all,

I have two machines:
- snort server
- syslog server

I want to configure my Snort server so that it sends alerts to the syslog server. Does anyone know how?

Regards,
---------------------------------------------------------
HAKIM Iliass
Network & Telecommunications Engineer
Université Bretagne Occidentale
+33 6 40 24 39 16
Please consider the environment before printing this message.

------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
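A receiver-side check for the setup discussed in this thread, as an added example that is not part of the original messages: it parses lines arriving at the syslog server and confirms that Snort alerts carry the auth facility and alert severity that `LOG_AUTH LOG_ALERT` selects. The sample lines, the host name `sensor1` and the function names are constructed for illustration, and the alert layout is assumed to be the one Snort 2.x normally writes to syslog.

```python
import re

# Facility and severity names for the syslog PRI value (PRI = facility * 8 + severity).
FACILITIES = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 10: "authpriv", 16: "local0"}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed layout: <PRI>ts host snort[pid]: [gid:sid:rev] msg [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>.*?\bsnort(?:\[\d+\])?: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?"
    r"\[Priority: (?P<rule_prio>\d+)\] "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)\s*$"
)

def parse_alert(line):
    """Return a dict for a Snort alert line, or None if the line is not one."""
    m = ALERT_RE.match(line)
    if m is None or int(m["pri"]) > 191:   # 191 is the largest valid PRI
        return None
    pri = int(m["pri"])
    alert = m.groupdict()
    alert["facility"] = FACILITIES.get(pri >> 3, str(pri >> 3))
    alert["severity"] = SEVERITIES[pri & 7]
    return alert

def audit(lines, facility="auth", severity="alert"):
    """Split lines into alerts tagged as configured, alerts tagged otherwise, and the rest."""
    ok, mistagged, other = [], [], []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            other.append(line)
        elif (alert["facility"], alert["severity"]) == (facility, severity):
            ok.append(alert)
        else:
            mistagged.append(alert)
    return ok, mistagged, other

# Constructed sample of what the remote syslog server might receive (not real traffic).
SAMPLE = [
    "<33>Jun 19 09:30:01 sensor1 snort[2412]: [1:1000001:1] ICMP test ping "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.20",
    "<129>Jun 19 09:30:05 sensor1 snort[2412]: [1:1000002:2] Telnet login attempt "
    "[Priority: 2] {TCP} 192.0.2.10:40112 -> 192.0.2.20:23",
    "<38>Jun 19 09:30:09 sensor1 sshd[901]: Accepted publickey for admin from 192.0.2.5",
]

if __name__ == "__main__":
    print([len(group) for group in audit(SAMPLE)])  # alerts as configured, mistagged, non-Snort
```

Alerts that land in the mistagged group reached the server but with a different facility or severity than the output line names, which is worth checking before building syslog filters on `auth.alert`.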