I have a test environment consisting of Win 2008 R2 Server and Windows XP w/SP3, both running the latest Snare Agent for Windows, along with RHEL 5.6 and RHEL 6.2 servers, all within a VM environment.
I am testing Linux as a central logging option. Snare Agent (free version) uses UDP, so it is a natural option for standard syslog on Linux. I am tailing /var/log/messages and only see host-only traffic, but another terminal window running tcpdump (or tcpdump -X port 514) DOES show incoming traffic from the clients.

My question is where the heck is that data going? There are NO error messages on whichever Linux box I designate as the server (if I were to switch between 5.6 and 6.2). Traffic is coming in, but I'd love to know where, if anywhere, it is being written. Or, is there another step I need to learn to capture the data to a file? An ls -ltr /var/log doesn't show anything helpful, either.

Thanks for any insights.

Scott

_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
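A diagnostic script added here as an example; it is not part of the original mailing-list post. The gap the post describes (tcpdump sees datagrams on port 514, nothing lands in /var/log/messages) is exactly what a central log server looks like when no daemon has a UDP socket bound: the interface receives the packets, the kernel discards them, and the syslog daemon never sees them, so there is nothing to write and nothing to log an error about. For a defender that is a silent collection gap, so the check worth automating is "is anything actually listening on UDP/514, and is the syslog configuration asking for it". The script assumes the RHEL 5 host runs sysklogd (remote reception needs `-r` in SYSLOGD_OPTIONS in /etc/sysconfig/syslog) and the RHEL 6 host runs rsyslog (remote reception needs `$ModLoad imudp` and `$UDPServerRun 514`, which the stock rsyslog.conf ships commented out); the sample netstat output and configuration fragments are constructed for the example, and the function and file names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): check whether a Linux syslog
# daemon is actually bound to UDP/514. tcpdump only proves packets reach the
# NIC; with no bound socket the kernel drops them and nothing is written.

# Read `netstat -ulnp` / `ss -ulnp` style output on stdin and print "yes" if
# any UDP socket is bound to local port 514, else "no".
udp514_listener() {
    # Matches a local-address column such as "0.0.0.0:514", "*:514" or ":::514".
    if grep -E '[[:space:]][^[:space:]]*:514[[:space:]]' >/dev/null; then
        echo yes
    else
        echo no
    fi
}

# Read a syslog configuration on stdin and classify it:
#   rsyslog-udp  : "$ModLoad imudp" and "$UDPServerRun 514" both active (RHEL 6)
#   sysklogd-udp : SYSLOGD_OPTIONS contains -r (RHEL 5, /etc/sysconfig/syslog)
#   no-udp       : neither, so remote datagrams are never consumed
udp_input_configured() {
    conf=$(grep -vE '^[[:space:]]*#' || true)   # drop commented-out lines
    if printf '%s\n' "$conf" | grep -qE '^\$ModLoad[[:space:]]+imudp' &&
       printf '%s\n' "$conf" | grep -qE '^\$UDPServerRun[[:space:]]+514'; then
        echo rsyslog-udp
    elif printf '%s\n' "$conf" | grep -qE '^SYSLOGD_OPTIONS=.*-r'; then
        echo sysklogd-udp
    else
        echo no-udp
    fi
}

# Live check on this host: prefers ss, falls back to netstat.
live_check() {
    if command -v ss >/dev/null 2>&1; then
        ss -ulnp 2>/dev/null | udp514_listener
    elif command -v netstat >/dev/null 2>&1; then
        netstat -ulnp 2>/dev/null | udp514_listener
    else
        echo unknown
    fi
}

# Constructed sample: netstat -ulnp on a server where only local sockets exist.
sample_netstat_nolistener() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  PID/Program name
udp        0      0 0.0.0.0:68       0.0.0.0:*        1011/dhclient
udp        0      0 0.0.0.0:111      0.0.0.0:*        1150/rpcbind
EOF
}

# Constructed sample: the same server after rsyslog bound UDP/514.
sample_netstat_listener() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  PID/Program name
udp        0      0 0.0.0.0:514      0.0.0.0:*        1320/rsyslogd
EOF
}

# Constructed sample modelled on a stock RHEL 6 /etc/rsyslog.conf: UDP lines
# commented out, so only the local imuxsock/imklog inputs are active.
sample_rsyslog_default() {
cat <<'EOF'
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
EOF
}

# Constructed sample: the two UDP lines uncommented.
sample_rsyslog_fixed() {
cat <<'EOF'
$ModLoad imuxsock
$ModLoad imklog
$ModLoad imudp
$UDPServerRun 514
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
EOF
}

# Constructed sample: RHEL 5 /etc/sysconfig/syslog with remote reception on.
sample_sysconfig_syslog() {
cat <<'EOF'
# Options to syslogd
SYSLOGD_OPTIONS="-m 0 -r"
KLOGD_OPTIONS="-x"
EOF
}

# Usage: sh check_syslog_udp.sh --live   (inspect the host this runs on)
if [ "${1:-}" = "--live" ]; then
    live_check
fi
```

Run it with `--live` on the box designated as the server; "no" while tcpdump shows traffic means the daemon was never told to open the UDP socket, and the `udp_input_configured` classifier run over the relevant config file (`udp_input_configured < /etc/rsyslog.conf` or `< /etc/sysconfig/syslog`) shows which lines are still commented out. After changing the configuration the daemon has to be restarted before the socket appears.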