Re: [Sguil-users] sguil and syslog
From: Bamm V. <bam...@gm...> - 2007-03-30 03:09:19
What switches are you using when you start snort?

On 3/29/07, Sean Macleod <sea...@gm...> wrote:
> Hi Bamm,
>
> I tried this (I'm running 2.4.5 on Solaris) and it doesn't seem to log
> anything to syslog.
>
> I have the following lines in my snort.conf
>
> output alert_syslog: log_auth log_alert
> output log_unified: filename snort.log, limit 128
>
> If I put the -l flag on it logs a few messages to daemon.notice at
> startup but that's it
>
> I'm confused ...
>
> cheers
>
> Sean
>
> Bamm Visscher wrote:
> > Sure, just config your snort.conf to alert to syslog and log to unified.
> >
> > Bamm
> >
> > On 3/29/07, Sean Macleod <sea...@gm...> wrote:
> >> Hello,
> >> I am evaluating an event correlation product that claims to be able
> >> to accept snort messages via syslog
> >>
> >> Is it possible to configure the snort or barnyard processes to forward
> >> the snort messages via syslog as well as log them to unified log file so
> >> that sguil can read them?
> >>
> >> cheers from sunny Perth
> >>
> >> Sean

--
sguil - The Analyst Console for NSM
http://sguil.sf.net