Greetings, I've been looking for a way to report snort IDS logs to a remote syslog server. The documentation states that "Currently not every service is able to use syslog. Therefore some can only write down to log files and cannot log to a remote syslog server. Services which currently cannot use syslog are: all sort of HTTP services (administration web server, HTTP proxy, HTTP content filter, HAVP), FTP proxy, IDS (snort)." but I really needed it, so I tried to figure out how to enable this any way.
So, after a bit of research I've been able to get it to work. All I had to do was add a rule to /etc/syslog.conf stating that the logs should go to a remote host:

    *.* @192.168.1.2

and remove the "-A fast" option in /usr/local/bin/restartsnort.py. In /etc/snort/snort.conf I added the following rule:

    output alert_syslog: LOG_AUTH LOG_ALERT

I thought I should share this with you, just so you know... I hope this helps someone out, some day.

Kind regards

--
View this message in context: http://www.nabble.com/snort-%2B-remote-syslog-tp17752482p17752482.html
Sent from the efw-user mailing list archive at Nabble.com.
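Once Snort's alert_syslog output is forwarded as described above, the remote syslog host receives one line per alert in Snort's syslog alert format rather than the "-A fast" file format. The following parser is an added example, not part of the original post or of Endian Firewall: it shows what those lines look like on the receiving side and extracts the fields a defender typically wants to pivot on (generator/signature id, message, classification, priority, protocol, endpoints). The sample log lines are constructed for illustration, and the parser assumes IPv4 addresses and the default alert_syslog field layout; lines from other daemons are skipped.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines (not from the original post), in the layout Snort's
# alert_syslog output plugin produces once the remote syslog host writes them:
#   [gid:sid:rev] msg [Classification: ...] [Priority: n] {PROTO} src:sport -> dst:dport
# The Classification block is optional, and ICMP alerts carry no ports.
SAMPLE_LINES = [
    "Jun  9 14:02:11 efw snort[2231]: [1:1000001:2] LOCAL test rule hit "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} "
    "192.168.1.50:44321 -> 192.168.1.10:80",
    "Jun  9 14:02:15 efw snort[2231]: [1:384:5] ICMP PING "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.50 -> 192.168.1.10",
    "Jun  9 14:02:19 efw snort[2231]: [1:1000002:1] LOCAL no classification "
    "[Priority: 1] {UDP} 10.0.0.7:5353 -> 224.0.0.251:5353",
    # Unrelated daemon on the same syslog server: must be ignored, not misparsed.
    "Jun  9 14:03:00 efw sshd[9912]: Accepted publickey for admin from 192.168.1.5",
]

# IPv4-only endpoint pattern (assumption for this example); ports are optional.
ALERT_RE = re.compile(
    r"snort\[\d+\]: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "
    r"(?P<msg>.*?) "
    r"(?:\[Classification: (?P<classification>[^\]]*)\] )?"
    r"\[Priority: (?P<priority>\d+)\] "
    r"\{(?P<proto>[A-Z0-9]+)\} "
    r"(?P<src>[0-9.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?$"
)


@dataclass
class SnortAlert:
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int          # Snort convention: 1 is the most severe
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_alert(line: str) -> Optional[SnortAlert]:
    """Parse one syslog line; return None if it is not a Snort alert."""
    m = ALERT_RE.search(line.rstrip())
    if not m:
        return None
    port = lambda v: int(v) if v is not None else None
    return SnortAlert(
        gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"], classification=m["classification"],
        priority=int(m["priority"]), proto=m["proto"],
        src=m["src"], sport=port(m["sport"]),
        dst=m["dst"], dport=port(m["dport"]),
    )


def parse_alerts(lines: List[str]) -> List[SnortAlert]:
    """Parse all Snort alert lines, silently skipping other syslog traffic."""
    return [a for a in (parse_alert(l) for l in lines) if a is not None]


def high_priority(alerts: List[SnortAlert], max_priority: int = 2) -> List[SnortAlert]:
    """Alerts at or above the given severity (lower number = more severe)."""
    return [a for a in alerts if a.priority <= max_priority]


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_LINES)
    for a in high_priority(alerts):
        ports = f":{a.sport} -> {a.dst}:{a.dport}" if a.sport is not None else f" -> {a.dst}"
        print(f"P{a.priority} [{a.gid}:{a.sid}:{a.rev}] {a.msg} {a.proto} {a.src}{ports}")
```

Feeding the receiving host's syslog file through parse_alerts() gives structured records that can be counted per signature id or per source address, which is the practical payoff of getting the IDS off the local "-A fast" file and onto a central log server.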
