Re: Naming sensors via syslog with snort?

From: Ivan Coric (ivan.coric_at_workcoverqld.com.au)
Date: 10/10/03

    Date: Fri, 10 Oct 2003 13:41:34 +1000
    To: <jhunter@dotprofile.net>, <focus-ids@securityfocus.com>

    Hi James,

    "I'm not too sure that I'm understanding correctly, but from what I gather you're thinking of starting multiple snort instances from 1 config file,
    whereas you should be using 1 config file per node so you can properly
    control each config. As such, the single line sensor_name= will suffice."

    http://archives.neohapsis.com/archives/snort/2002-09/0315.html

    cheers

    Ivan Coric
    IT Technical Security Officer
    Information Technology
    WorkCover Queensland
    Ph: (07) 30066414 Fax: (07) 30066424
    Email: ivan.coric@workcoverqld.com.au

    >>> "James Hunter" <jhunter@dotprofile.net> 10/10/03 10:58am >>>
    Is there a way to "name" the sensors when using syslog and snort?
    I'm using Snortcenter w/acid, etc... as the manager and the
    snortcenter agent on another machine. I log everything back to the
    main snortcenter box via syslog to one file but they all just give the
    hostname.

    James Hunter
    303-726-7067
    jhunter@dotprofile.net
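The two sides of the advice above, as an added example that is not part of either post and not Snort's own code: one config file is rendered per node with its own `sensor_name=` on the `output database:` line, and on the collector the combined syslog file is split back out per sensor by mapping the syslog hostname field (the only sensor identifier syslog carries, as James observes) to a sensor name. The hostnames, sensor names, the `SENSORS` table, the config template and the sample log lines are all constructed for illustration.

```python
"""Per-node Snort config rendering plus collector-side tagging of snort
syslog alerts by the originating host.  Added example, not from the thread."""
import re

# Constructed inventory: hostname as it appears in syslog -> sensor name.
# Names are assumptions for this example.
SENSORS = {
    "ids-dmz": "dmz-sensor",
    "ids-core": "core-sensor",
}

# Minimal constructed snort.conf template.  The database output line carries
# sensor_name=, which is what the reply recommends; one rendered file per node.
CONFIG_TEMPLATE = """\
var HOME_NET {home_net}
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort dbname=snort host=db.example.invalid sensor_name={sensor_name}
include classification.config
"""


def render_config(sensor_name, home_net):
    """Return the snort.conf text for one node with its own sensor_name."""
    return CONFIG_TEMPLATE.format(sensor_name=sensor_name, home_net=home_net)


# Snort syslog alert line shape:
#   <ts> <host> snort[<pid>]: [gid:sid:rev] <msg> [Classification: ...]
#   [Priority: n] {PROTO} src:port -> dst:port
# The Classification part is optional (rules without a classtype omit it).
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) snort\[\d+\]: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"(?:\[Classification: (?P<cls>[^\]]+)\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)$"
)


def parse_alert(line):
    """Parse one syslog line; return a dict with a 'sensor' key, or None if
    the line is not a snort alert.  Unknown hosts are tagged, not dropped,
    so an unregistered sensor shows up instead of silently vanishing."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sensor"] = SENSORS.get(rec["host"], "unknown:" + rec["host"])
    return rec


def count_by_sensor(lines):
    """Alert count per sensor name over an iterable of syslog lines."""
    counts = {}
    for line in lines:
        rec = parse_alert(line)
        if rec is not None:
            counts[rec["sensor"]] = counts.get(rec["sensor"], 0) + 1
    return counts


# Constructed sample of the combined syslog file on the collector.
SAMPLE_LOG = [
    "Oct 10 10:58:01 ids-dmz snort[1234]: [1:1000001:1] CONSTRUCTED test alert "
    "[Classification: Misc activity] [Priority: 3] {TCP} 203.0.113.5:4444 -> 192.0.2.10:80",
    "Oct 10 10:58:02 ids-core snort[2222]: [1:1000002:1] CONSTRUCTED another alert "
    "[Priority: 2] {UDP} 198.51.100.7:53 -> 192.0.2.20:53",
    "Oct 10 10:58:03 ids-lab snort[3333]: [1:1000001:1] CONSTRUCTED test alert "
    "[Classification: Misc activity] [Priority: 3] {TCP} 203.0.113.9:1 -> 192.0.2.30:22",
    "Oct 10 10:58:04 ids-dmz sshd[99]: Accepted publickey for ops from 192.0.2.1",
]

if __name__ == "__main__":
    for host, name in SENSORS.items():
        print(f"--- snort.conf for {host} ---")
        print(render_config(name, "192.0.2.0/24"))
    print(count_by_sensor(SAMPLE_LOG))
```

The collector-side mapping only works if every sensor's syslog hostname is unique and stable, so the `SENSORS` table is the place to keep that inventory; a host missing from it is reported as `unknown:<host>` rather than silently merged into another sensor's count.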

    ---------------------------------------------------------------------------
    Captus Networks IPS 4000
    Intrusion Prevention and Traffic Shaping Technology to:
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Automatically Control P2P, IM and Spam Traffic
     - Precisely Define and Implement Network Security & Performance Policies
    FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
    http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
    ---------------------------------------------------------------------------

    ***************************************************************************
    Messages included in this e-mail and any of its attachments are those
    of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used for the intended purpose only and are to be kept confidential at all times.
    This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this information should be deleted promptly and the sender notified.
    This e-mail has been scanned by Sophos for known viruses.
    However, no warranty nor liability is implied in this respect.
    **********************************************************************

