Snort and syslog.

vleinone · Feb 14, 2007, 6:13 AM

Hi all,

Is there any possibility to send snort alerts to syslog server?

Br,

Ville

sullrich · Feb 14, 2007, 6:14 AM

Not sure that this will work ATM. You can always remotely query it with exec_raw.php, however.

vleinone · Feb 14, 2007, 6:49 AM

Thanks for info.

This would be nice feature if you have central syslog-server.

Do anyone knows if its impossible to compile that feature inside
snort? Because there is that syslog line, but i think that is not
taken part of this compiling configuration.

Br,

Ville

sullrich · Feb 14, 2007, 4:15 PM

Actually I just checked, snort is already sending items to the primary logging tab which should work with remote syslog.

vleinone · Feb 15, 2007, 6:09 AM

Hi,

True if you mean "Diagnostics: System logs: System" page, but it send
only blocked information, not full alert (right).

I want to send syslog "Services: Snort: Snort Alerts" page information.

Br,

Ville

sullrich · Feb 15, 2007, 3:25 PM

@vleinone:

Hi,

True if you mean "Diagnostics: System logs: System" page, but it send
only blocked information, not full alert (right).

I want to send syslog "Services: Snort: Snort Alerts" page information.

Br,

Ville

Oh okay, yeah that won't work currently.