This is a discussion on RE: [Snort-users] syslog messages within the Snort forums, part of the System Security and Security Related category.
If I understand you correctly you want to log to syslog and then monitor it?

In snort.conf add the following line:

    output alert_syslog: LOG_AUTH LOG_ALERT

Then use a utility such as swatch to monitor and alert/echo/email ... whatever you want with the results.

- Nick

_____

From: Henri Chevallier [mailto:henri_chevallier@hotmail.com]
Sent: Wednesday, February 04, 2004 1:21 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] syslog messages

Hello,

I'd like to analyze my SNORT's logs and would like therefore to know ALL the messages that SNORT can send. Does someone know where I can find that?

Thanks

Henri Chevallier
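Added example, not part of the original thread: the monitoring step described in the reply, sketched in Python rather than swatch. It parses alert_syslog lines, drops low-severity alerts, and collapses repeats per rule and source. The line layout in `ALERT_RE` is an assumption about typical Snort 2.x syslog output, the function names are hypothetical, and the sample lines are constructed.

```python
import re

# Assumed Snort 2.x alert_syslog layout; classification/priority are optional.
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?)"
    r"(?: \[Classification: (?P<classification>[^\]]*)\])?"
    r"(?: \[Priority: (?P<priority>\d+)\])?:? "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)\s*$")

def split_endpoint(endpoint):
    """Split IPv4 'ip:port' into (ip, port); port is None when absent (ICMP)."""
    host, sep, port = endpoint.rpartition(":")
    ok = sep and port.isdigit() and "." in host
    return (host, int(port)) if ok else (endpoint, None)

def parse_alert(line):
    """Parse one Snort alert line (priority 1 = most severe, missing = 99).
    Returns None for any other line."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    a = m.groupdict()
    a.update({k: int(a[k]) for k in ("gid", "sid", "rev")})
    a["priority"] = int(a["priority"]) if a["priority"] else 99
    a["src_ip"], a["src_port"] = split_endpoint(a.pop("src"))
    a["dst_ip"], a["dst_port"] = split_endpoint(a.pop("dst"))
    return a

def triage(lines, max_priority=2):
    """One entry per (gid, sid, source IP) at priority <= max_priority, with a count."""
    seen = {}
    for line in lines:
        a = parse_alert(line)
        if a is None or a["priority"] > max_priority:
            continue
        entry = seen.setdefault((a["gid"], a["sid"], a["src_ip"]), dict(a, count=0))
        entry["count"] += 1
    return list(seen.values())

# Constructed sample: LOG_AUTH puts Snort alerts next to sshd/su messages.
SAMPLE = [
    "Feb  4 13:21:07 sensor snort[2115]: [1:1000001:1] LOCAL web probe for /etc/passwd [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.0.2.10:34567 -> 198.51.100.5:80",
    "Feb  4 13:21:09 sensor snort[2115]: [1:1000001:1] LOCAL web probe for /etc/passwd [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.0.2.10:34570 -> 198.51.100.5:80",
    "Feb  4 13:22:00 sensor snort[2115]: [1:1000002:1] LOCAL ICMP sweep [Classification: Misc activity] [Priority: 1]: {ICMP} 192.0.2.44 -> 198.51.100.5",
    "Feb  4 13:22:30 sensor snort[2115]: [1:1000003:1] LOCAL dns test [Priority: 3]: {UDP} 192.0.2.10:53 -> 198.51.100.9:1025",
    "Feb  4 13:23:00 sensor sshd[900]: Accepted publickey for admin from 192.0.2.7 port 50000 ssh2",
]

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(f'{a["count"]}x prio={a["priority"]} sid={a["sid"]} {a["src_ip"]}: {a["msg"]}')
```

Because the configured facility is LOG_AUTH, the file being watched also carries unrelated authentication messages, which is why non-Snort lines are skipped rather than treated as errors.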