Content-Type: message/rfc822
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: "Héroux, Christian" <Christian.Herouxat_private>
Cc: LogAnalysisat_private
Subject: Re: [logs] How to forward syslog message to a central syslog server using snort
In-Reply-To: Your message of "Mon, 17 Mar 2003 17:04:15 EST." <C8AB711FE2BBD54E93443B9D8938D52FA1883Bat_private>
Cc: jefflat_private
Reply-To: jefflat_private
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii

In message <C8AB711FE2BBD54E93443B9D8938D52FA1883Bat_private>, "Héroux, Christian" said:
>
> Hello!
>
> I have a few network devices that can't be in my management network. I read about stealth logging using snort but it seems limited. I can collect packets by port span (cisco). Snort gets the syslog packet but I can't send the payload (syslog message) with snort syslog output. The only thing I can do is to log the payload in a file. Is there any tool that would read a file and send the content to a syslog server? Any other suggestion?

Snort does not currently log the contents of the packet to syslog. If you want the packet payload logged to a central server you will need to set up a system with MySQL or Postgres, and use snort's database plugin. That will log the contents of the packets to the database. Then you can use the ACID console to query and examine the alerts.

jeffl

--
Jeffrey F. Lawhorn                       | Internet Security Consulting
Software Design Associates, Inc.         | IDS Installation/Monitoring
jefflat_private                          |
858-679-5900 voice                       | Firewall Installation/Monitoring
http://www.wanet.net/  858-679-2327 fax  |
What is your network being used for? How do you know?
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
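A relay of the kind Christian asked about, added here as an example and not part of the original thread, of Snort, or of any listed product: it reads a file of captured syslog messages, keeps each message's original <PRI> (facility and severity), re-wraps it as an RFC 3164 datagram tagged with the sensor's hostname so the central server can tell relayed messages from direct ones, and sends it to UDP 514. It assumes the file holds one captured syslog message per line (Snort's own packet-dump layout is not parsed here); the function and variable names, and the sample lines used for testing, are constructed for this example.

```python
"""Relay syslog messages captured to a file on to a central syslog server (RFC 3164 over UDP)."""
import re
import socket
import time

PRI_RE = re.compile(r"^<(\d{1,3})>")
MAX_LEN = 1024        # RFC 3164 limits a syslog datagram to 1024 bytes
DEFAULT_PRI = 13      # user.notice, used when a captured line carries no <PRI> header


def parse_pri(line):
    """Return (facility, severity, remainder) for one captured syslog line.

    A <PRI> above 191 is not a valid RFC 3164 priority, so it is left in the body
    and the default priority is used instead of trusting the captured value.
    """
    m = PRI_RE.match(line)
    if m and int(m.group(1)) <= 191:
        pri = int(m.group(1))
        return pri // 8, pri % 8, line[m.end():]
    return DEFAULT_PRI // 8, DEFAULT_PRI % 8, line


def build_relay_message(line, relay_host, now=None):
    """Re-wrap one captured line as an RFC 3164 message tagged with the relaying sensor."""
    facility, severity, body = parse_pri(line.rstrip("\r\n"))
    t = time.localtime(now)
    # RFC 3164 timestamp: "Mmm dd hh:mm:ss" with a space-padded day of month.
    ts = "%s %2d %02d:%02d:%02d" % (time.strftime("%b", t), t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
    # The original priority is preserved; the "relay" tag marks the message as forwarded,
    # and the captured body (with the device's own timestamp and hostname) follows intact.
    msg = "<%d>%s %s relay: %s" % (facility * 8 + severity, ts, relay_host, body)
    return msg.encode("ascii", "replace")[:MAX_LEN]


def forward_lines(lines, send, relay_host):
    """Relay every non-empty line through send(bytes); returns the number of messages sent."""
    sent = 0
    for line in lines:
        if line.strip():
            send(build_relay_message(line, relay_host))
            sent += 1
    return sent


def forward_file(path, server, port=514, relay_host=None):
    """Read the file the sensor wrote and relay each line to the central syslog server."""
    relay_host = relay_host or socket.gethostname()
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    with open(path, "r", errors="replace") as fh:
        return forward_lines(fh, lambda data: sock.sendto(data, (server, port)), relay_host)
```

The relay's own timestamp is the time of forwarding; the device's original timestamp and hostname survive in the body, which is what the central server should index on when correlating.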
This archive was generated by hypermail 2b30 : Tue Mar 18 2003 - 20:34:08 PST