Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort and syslog.

    pfSense Packages
    2
    6
    2987
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vleinone last edited by

      Hi all,

      Is there any possibility to send snort alerts to syslog server?

      Br,

      Ville

      1 Reply Last reply Reply Quote 0
      • S
        sullrich last edited by

        Not sure that this will work ATM.  You can always remotely query it with exec_raw.php, however.

        1 Reply Last reply Reply Quote 0
        • V
          vleinone last edited by

          Thanks for info.

          This would be nice feature if you have central syslog-server.

          Do anyone knows if its impossible to compile that feature inside
          snort? Because there is that syslog line, but i think that is not
          taken part of this compiling configuration.

          Br,

          Ville

          1 Reply Last reply Reply Quote 0
          • S
            sullrich last edited by

            Actually I just checked, snort is already sending items to the primary logging tab which should work with remote syslog.

            1 Reply Last reply Reply Quote 0
            • V
              vleinone last edited by

              Hi,

              True if you mean "Diagnostics: System logs: System" page, but it send
              only blocked information, not full alert (right).

              I want to send syslog "Services: Snort: Snort Alerts" page information.

              Br,

              Ville

              1 Reply Last reply Reply Quote 0
              • S
                sullrich last edited by

                @vleinone:

                Hi,

                True if you mean "Diagnostics: System logs: System" page, but it send
                only blocked information, not full alert (right).

                I want to send syslog "Services: Snort: Snort Alerts" page information.

                Br,

                Ville

                Oh okay, yeah that won't work currently.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense Plus
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy