Snort Forums Archive

Getting snort to log to a Kiwi Sys log server


Posted by randymchugh on May 19, 2005 06:57:43

Howdy!
I got snort running on the Solaris 8 box - now I have to figure out how to send data or alerts to Kiwi Sys log server running on Windows.
Does anyone know how to modify the snort.conf file to make this happen?
The line that is commented out in this file looks like it might work
[Unix flavours should use this format...]
output alert_syslog: LOG_AUTH LOG_ALERT
Any help would be much appreciated.

alert_syslog: log alerts to syslog
----------------------------------
Use one or more syslog facilities as arguments. Win32 can also optionally
specify a particular hostname/port. Under Win32, the default hostname is
'127.0.0.1', and the default port is 514.

[Unix flavours should use this format...]
output alert_syslog: LOG_AUTH LOG_ALERT

[Win32 can use any of these formats...]
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_syslog: host=10.75.5.116, LOG_AUTH LOG_ALERT
output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT

log_tcpdump: log packets in binary tcpdump format
-------------------------------------------------
The only argument is the output file name.
Many Thanks
Randy
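
An added example, not part of the original post and not Snort project code: a small Python parser for the `output alert_syslog:` forms quoted above, reporting the target host and port and the syslog PRI value the alerts will carry. The function name `parse_alert_syslog` is hypothetical, and the port default of 514 is the one the quoted text gives for Win32.

```python
import re

# Standard syslog codes (RFC 3164); PRI = facility * 8 + severity.
FACILITIES = {"LOG_KERN": 0, "LOG_USER": 1, "LOG_MAIL": 2, "LOG_DAEMON": 3,
              "LOG_AUTH": 4, "LOG_SYSLOG": 5, "LOG_LPR": 6, "LOG_NEWS": 7,
              "LOG_UUCP": 8, "LOG_CRON": 9, "LOG_AUTHPRIV": 10, "LOG_FTP": 11,
              **{f"LOG_LOCAL{i}": 16 + i for i in range(8)}}
SEVERITIES = {"LOG_EMERG": 0, "LOG_ALERT": 1, "LOG_CRIT": 2, "LOG_ERR": 3,
              "LOG_WARNING": 4, "LOG_NOTICE": 5, "LOG_INFO": 6, "LOG_DEBUG": 7}
LINE_RE = re.compile(r"^\s*output\s+alert_syslog\s*:\s*(.*)$", re.I)


def parse_alert_syslog(line):
    """Parse one snort.conf line (hypothetical helper, not a Snort API).

    Returns None for comments and other directives, else a dict with
    host, port, facility, level, pri and any unrecognised tokens.
    """
    m = LINE_RE.match(line.split("#", 1)[0])   # commented-out lines do not count
    if not m:
        return None
    out = {"host": None, "port": None, "facility": None, "level": None,
           "pri": None, "other": []}
    for tok in re.split(r"[,\s]+", m.group(1).strip()):
        if not tok:
            continue
        if tok.lower().startswith("host="):
            host, _, port = tok[5:].partition(":")
            out["host"] = host
            # 514 is the default port named in the quoted text; a
            # non-numeric port raises ValueError instead of being guessed.
            out["port"] = int(port) if port else 514
        elif tok.upper() in FACILITIES:
            out["facility"] = tok.upper()
        elif tok.upper() in SEVERITIES:
            out["level"] = tok.upper()
        else:
            out["other"].append(tok)           # anything else, kept verbatim
    if out["facility"] and out["level"]:
        out["pri"] = FACILITIES[out["facility"]] * 8 + SEVERITIES[out["level"]]
    return out


if __name__ == "__main__":
    # Sample lines: the first two are from the post, the third is constructed.
    for sample in ("output alert_syslog: LOG_AUTH LOG_ALERT",
                   "output alert_syslog: host=10.75.5.116, LOG_AUTH LOG_ALERT",
                   "# output alert_syslog: host=loghost:1514, LOG_LOCAL4 LOG_WARNING"):
        print(sample, "->", parse_alert_syslog(sample))
```

A `host` of `None` means the line names no remote target, as in the Unix form. A `pri` of 33 is facility auth at severity alert, the value to match on the receiving syslog server.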