Snort mailing list archives

Re: problem with snort and guardian

From: Alejandro Flores <alejandro.flores () triforsec com br>
Date: Sat, 27 Mar 2004 10:19:36 -0300

        Hello,

        You can configure more than one output plugin, so you can add this to
your snort.conf, next to your output database:

output alert_syslog: LOG_AUTH LOG_ALERT

        This will tell snort to send alerts to syslog. May help you.

Regards,
Alejandro Flores

Hi,

I want do configure snort to log alerts to mysql db,
and configure guardian to change my iptables conf.
when there is attack. The problem is with the output
files. Guardian accepts syslog and snort alert files, so
if I want to use alert files I have to change output db
to log (I always used alert in db output line). Is there
any other way to make snort log atacks to alert file?
I don`t think that guardian accepts unified alert files.
(It did`t work at all when I tried) I also use ACID to 
view attacks.


-------------------------------------
Greetings. Maxim





--TriForSec
http://www.triforsec.com.br/

Current thread:

problem with snort and guardian Marcin Laskowski (Mar 26)
- Re: problem with snort and guardian Alejandro Flores (Mar 27)
- Re: problem with snort and guardian Max Valdez (Mar 27)