Suricata Barnyard2 Remote Syslog. Broken?

IDS/IPS
Log in to reply
  • V
    Rebel Alliance

    I'm trying to push Suricata alert logs to a remote syslog server. Barnyard2 doesn't seem to be working. The only way I can get Suricata alerts to the remote server is to configure Suricata to write to the local system log and then forward the local system log to the remote syslog server.

    Any ideas? Is Barnyard2 broken?

    bmeeks 1 Reply 0
  • bmeeks

    @vbman213 said in Suricata Barnyard2 Remote Syslog. Broken?:

    I'm trying to push Suricata alert logs to a remote syslog server. Barnyard2 doesn't seem to be working. The only way I can get Suricata alerts to the remote server is to configure Suricata to write to the local system log and then forward the local system log to the remote syslog server.

    Any ideas? Is Barnyard2 broken?

    Barnyard2 is slowly dying on the vine as the FreeBSD port has not been materially updated in several years. However, it should still run with Suricata and pfSense. Are you sure Barnyard2 is actually starting on the interface? Are there any messages in the pfSense system log relating to Barnyard2?

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy