Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Any news on Snort and remote syslog servers?

    pfSense Packages
    3
    3
    1.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cubert
      last edited by

      Searching forums I found back in Febuary 2007 some asked about send snort alerts to syslog server. At that time it was not supported, do we know if anyone was able to get this to work?

      Cubert

      Cube Dweller
      www.squidworks.net

      "Give a man a fish and feed him for a day, Teach a man to fish and loose a steady customer."

      1 Reply Last reply Reply Quote 0
      • B
        blak111
        last edited by

        Is there a method to to this that you found?

        1 Reply Last reply Reply Quote 0
        • C
          cybrsrfr
          last edited by

          I've done it with a new package I finished building yesterday called PHP Service.

          You can read more about from the following links.
          http://forum.pfsense.org/index.php/topic,13775.0.html
          http://doc.pfsense.org/index.php/PHPService

          In the wiki snort example I added the following lines for your benefit. If you only want to log the Snort alert to the syslog then  comment out or remove the lines that are between 'begin close session' and 'end close session.'

          //– begin close session --------------
          //-- end close session --------------

          Hope this helps.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.