Snort mailing list archives
Re: Snort and multiple logging
From: Nick Moore <nmoore () sourcefire com>
Date: Wed, 6 Oct 2010 07:57:38 -0500
Egoitz,

1. I would strongly recommend using Barnyard2 for your output processing if you are not already. There are several how-to documents available on setting this up on http://www.snort.org/docs/setup-guides/; pick the paper that best matches your OS or flavor of Linux. Each Snort instance can be set up to send its output to a remote syslog server and MySQL database via Barnyard simultaneously.

2. I would also strongly recommend using BASE instead of ACID. ACID is no longer being maintained.

Happy Snorting!

Nick

On Wed, Oct 6, 2010 at 6:38 AM, <egoitz () ramattack net> wrote:
Hello all,

I would like to know if I can configure snort to output logs to a remote syslog and simultaneously to a mysql database. The reason of doing this this way is for using ACID (that reads from mysql and works in realtime) and for ossec active responses which requires logs to be in a log file...

So like I plan to have several snort servers for sharing the load (each snort scanning each switch traffic) I'm planning to log all snort servers to a remote syslog (whose file is going to be scanned constantly by ossec and executing active responses) and simultaneously to mysql in order to acid to be able to display ids collected data in realtime.

Could be this possible mates?? to log simultaneously to remote syslog and to mysql??... or is it any other advisable way of achieving this goal??.

Thanks a lot.

Bye!

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore () sourcefire com
IM nickgmoore (Yahoo)
nickgmoore38 (AIM)
,,_
o" )~ Sourcefire - The Creators of Snort
''''
www.sourcefire.com www.snort.org
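The pipeline recommended in point 1 of the reply, sketched as an added configuration example that is not part of the original thread or of the Snort setup guides. File paths, the sensor name, the database credentials and the 192.0.2.x addresses are placeholders, and forwarding to the remote syslog server is assumed to be done by the sensor's local syslog daemon.

```conf
# ---- /etc/snort/snort.conf (on each sensor) --------------------------
# Snort only writes binary unified2 spool files; it does no syslog or
# database I/O itself, so a slow log server cannot stall packet capture.
output unified2: filename snort.u2, limit 128

# ---- /etc/snort/barnyard2.conf (on each sensor) ----------------------
# Map files let Barnyard2 resolve sid/gid/classification into text.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map

# Identify this sensor so alerts from several Snort hosts stay
# distinguishable in the shared database (placeholder values).
config hostname:  sensor01
config interface: eth1

# Bookmark file: Barnyard2 resumes here after a restart instead of
# replaying or skipping alerts.
config waldo_file: /var/log/snort/barnyard2.waldo

input unified2

# Output 1: alerts to the local syslog daemon (facility auth,
# priority alert). These are the lines OSSEC will read on the log host.
output alert_syslog: LOG_AUTH LOG_ALERT

# Output 2: the same events into MySQL for BASE.
# The password is stored in clear text: keep this file mode 0600 and
# owned by the account Barnyard2 runs as, and grant the database user
# only the privileges it needs on the snort schema.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=192.0.2.20

# ---- /etc/syslog.conf or an rsyslog rule (on each sensor) ------------
# Forward the alert stream to the central log host over UDP.
auth.alert    @192.0.2.10
```

Barnyard2 would then be started against the spool directory, for example `barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2`, so both outputs are fed from the same unified2 records.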
Current thread:
- Snort and multiple logging egoitz (Oct 06)
- Re: Snort and multiple logging Nick Moore (Oct 06)
- Re: Snort and multiple logging egoitz (Oct 06)
- Re: Snort and multiple logging egoitz (Oct 06)
- Re: Snort and multiple logging Eoin Miller (Oct 06)
- Re: Snort and multiple logging egoitz (Oct 06)
- Re: Snort and multiple logging Jefferson, Shawn (Oct 06)
- Re: Snort and multiple logging Nick Moore (Oct 06)
- Re: Snort and multiple logging Mike Kun (Oct 06)
