Snort mailing list archives
Re: Snort can monitor syslog???
From: "Russ Combs (rucombs) via Snort-users" <snort-users () lists snort org>
Date: Fri, 30 Aug 2019 17:07:19 +0000
Note that Snort 3 can process files such as syslog directly, e.g.:

    sudo snort --daq-dir install/lib/snort/daqs --daq file -c install/etc/snort/snort.lua -R test.rules -r /var/log/syslog -A cmg

It does not yet monitor the log, so just stops at EOF, but that could be done.

Russ

From: Snort-users <snort-users-bounces () lists snort org> on behalf of "Joel Esler (jesler) via Snort-users" <snort-users () lists snort org>
Reply-To: "Joel Esler (jesler)" <jesler () cisco com>
Date: Friday, August 30, 2019 at 11:24 AM
To: Winx Linx <winxlinx () gmail com>
Cc: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: Re: [Snort-users] Snort can monitor syslog???

It can monitor traffic coming from and going to the syslog server. But it can't monitor the syslog itself.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

On Aug 30, 2019, at 7:18 AM, Winx Linx via Snort-users <snort-users () lists snort org> wrote:

Hi Team,

I know that Snort can monitor the span/mirror port, but can Snort monitor the syslog server if I install Snort on the syslog server?

Regards
winxlinx

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users
To unsubscribe, send an email to: snort-users-leave () lists snort org
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
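One way to work around the stop-at-EOF behaviour described in the first message, as an added example that is not from the thread or the Snort project: a polling wrapper that hands the file DAQ only the complete lines appended since the previous pass. The snort command line is the one quoted above; next_chunk, scan_chunk, follow_log, the state file path and the interval are hypothetical names and values.

```shell
#!/bin/sh
# Added example: feed Snort 3's file DAQ only the new, complete log lines.
# Assumed names: LOG, STATE, INTERVAL, scan_chunk, next_chunk, follow_log.
LOG=${LOG:-/var/log/syslog}
STATE=${STATE:-/tmp/snort-syslog.offset}   # byte offset already scanned

# Run Snort over one chunk file (command line as quoted in the thread).
scan_chunk() {
    sudo snort --daq-dir install/lib/snort/daqs --daq file \
        -c install/etc/snort/snort.lua -R test.rules -r "$1" -A cmg
}

# Write the unscanned complete lines of $LOG to $1 and advance the offset.
# Returns 1 when there is nothing new to scan.
next_chunk() {
    out=$1
    off=$(cat "$STATE" 2>/dev/null || echo 0)
    size=$(wc -c < "$LOG" | tr -d ' ')
    # Log rotated or truncated since the last pass: start from the top.
    if [ "$size" -lt "$off" ]; then off=0; fi
    if [ "$size" -eq "$off" ]; then return 1; fi
    # Bytes off+1..size, capped so data written mid-pass waits its turn.
    tail -c +"$((off + 1))" "$LOG" | head -c "$((size - off))" > "$out.raw"
    # Keep newline-terminated lines only; a partial last line is left
    # in place and picked up once the writer finishes it.
    lines=$(wc -l < "$out.raw" | tr -d ' ')
    if [ "$lines" -eq 0 ]; then rm -f "$out.raw"; return 1; fi
    head -n "$lines" "$out.raw" > "$out"
    rm -f "$out.raw"
    echo "$((off + $(wc -c < "$out")))" > "$STATE"
}

# Poll forever; each pass with new data starts one Snort run.
follow_log() {
    chunk=$(mktemp)
    while :; do
        if next_chunk "$chunk"; then scan_chunk "$chunk"; fi
        sleep "${INTERVAL:-10}"
    done
}

# Start polling only when invoked as: sh follow.sh follow
if [ "${1:-}" = follow ]; then follow_log; fi
```

Each pass is a separate Snort process, so it pays the full startup cost and a rule cannot match content that spans two chunks.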
Current thread:
- Snort can monitor syslog??? Winx Linx via Snort-users (Aug 30)
- Re: Snort can monitor syslog??? Joel Esler (jesler) via Snort-users (Aug 30)
- Re: Snort can monitor syslog??? Russ Combs (rucombs) via Snort-users (Aug 30)
- Re: Snort can monitor syslog??? Joel Esler (jesler) via Snort-users (Aug 30)