This is a discussion on Re: [Snort-users] Windows Event Log & alert.ids within the Snort forums, part of the System Security and Security Related category.
> ----- Original Message -----
> From: "grant" <grant@macaulayconsultants.co.uk>
> To: <snort-users@lists.sourceforge.net>
> Sent: Thursday, October 16, 2003 7:45 AM
> Subject: [Snort-users] Windows Event Log & alert.ids
>
> Does anybody know if it is possible to run the -E option to write events
> and log as normal to the alert.ids file? This will allow me to alert through
> BMC Patrol and also provide reports and invasion response via snortsnarf.
>
> Thanks
>
> Grant

<snip>

> From: snort-users-admin@lists.sourceforge.net
> [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Scot Scot
> Sent: 16 October 2003 22:36
> To: grant; snort-users@lists.sourceforge.net
> Subject: Re: [Snort-users] Windows Event Log & alert.ids
>
> Try this:
>
> Place either of these lines in the snort.conf file under your output plugins
> configuration. You may want to use alert_fast for snortsnarf & ACID stuff.
>
> output alert_full: alert.ids
> output alert_fast: alert.ids
>
> Scot Wiedenfeld
> Just my 2.0134 cents worth (tax included)

<snip>

From: "grant" <grant@macaulayconsultants.co.uk>
To: <snort-users@lists.sourceforge.net>
Sent: Thursday, October 16, 2003 6:10 PM
Subject: RE: [Snort-users] Windows Event Log & alert.ids

> When I use the -E option it overrides any output options.
>
> Thanks
>
> Grant

<snip>

Instead of using the -E option from the command line, specify "output alert_syslog: LOG_AUTH LOG_ALERT" in your snort.conf file. This string is the equivalent of the -E option. Below is a snippet from the snort.conf file:

# [Win32 can use any of these formats...]
# On NT this will log to the Application Eventlog, use this instead of the -E cmd shell option
output alert_syslog: LOG_AUTH LOG_ALERT
# This will create the alert.ids file, use this instead of the -A Full cmd shell option
output alert_full: alert.ids

Scot Wiedenfeld
Just my 2.0134 cents worth (tax included)
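A small added audit script (not from the thread or from the Snort project) that parses the output plugin lines of a snort.conf and confirms that alerts go both to the NT Application Event Log via alert_syslog and to an alert.ids file for snortsnarf; the sample configuration is constructed from the lines Scot posted, and the two-file check reflects his advice to use either alert_full or alert_fast, not both on the same file.

```python
import re

# Constructed sample: the snort.conf fragment from the thread, verbatim.
SAMPLE_CONF = """\
# [Win32 can use any of these formats...]
# On NT this will log to the Application Eventlog, use this instead of the -E cmd shell option
output alert_syslog: LOG_AUTH LOG_ALERT
# This will create the alert.ids file, use this instead of the -A Full cmd shell option
output alert_full: alert.ids
"""

# Matches "output <plugin>" with optional ": <args>" after comments are stripped.
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*(?::\s*(.*))?$")

FILE_PLUGINS = {"alert_full", "alert_fast"}


def parse_outputs(conf_text):
    """Return (plugin, [args]) for every active 'output' line; comments are ignored."""
    outputs = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop full-line and trailing comments
        m = OUTPUT_RE.match(line)
        if m:
            outputs.append((m.group(1), (m.group(2) or "").split()))
    return outputs


def audit_outputs(conf_text):
    """Return (outputs, findings); findings is empty when the config matches the thread's setup."""
    outputs = parse_outputs(conf_text)
    plugins = {name for name, _ in outputs}
    findings = []
    if "alert_syslog" not in plugins:
        findings.append("no alert_syslog output: nothing reaches the NT Application Event Log")
    if not plugins & FILE_PLUGINS:
        findings.append("no alert_full/alert_fast output: no alert.ids for snortsnarf")
    files = [args[0] for name, args in outputs if name in FILE_PLUGINS and args]
    if len(files) != len(set(files)):
        findings.append("two file outputs share one filename: use either alert_full or alert_fast")
    return outputs, findings


if __name__ == "__main__":
    outs, problems = audit_outputs(SAMPLE_CONF)
    for name, args in outs:
        print(f"output {name}: {' '.join(args)}")
    print("findings:", problems or "none")
```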