RE: snort/syslog/Win2k

["L. Christopher Luther" <CLuther () Xybernaut com>]

There are a number of 'free' syslog daemons[0] for Win2K, but by default,
the Snort Win2K 'syslog' functionality writes data to the local Application
Event Log.  

You used to have to use a tweaked '-s ipaddr:514' command line parameter in
versions of Win32 Snort previous to 2.0 to get Snort to send syslog message
to a syslog daemon on another computer.  In fact, this is exactly what I do.
My two Win32 Snort sensors send syslog alerts to a central Win32 syslog
daemon.  


- Christopher 

[0] http://is-it-true.org/nt/nt2000/atips/atips105.shtml - See Kiwi and 3COM
at the bottom of the page.


-----Original Message-----
From: Julian Brown [mailto:jbrown () eprocessingnetwork com]
Sent: Tuesday, April 22, 2003 3:28 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort/syslog/Win2k


I want to be able to get emails of alerts.

But I only have Win2K machines, I do not have UNIX.  Can I still use the 
alert_syslog, but not have a Linux/UNIX machine that can process the syslog 
requests?

Julian




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users