[Oisf-devel] Logging alerts to syslog
Randal T. Rioux
randy at procyonlabs.com
Tue Feb 1 06:41:30 UTC 2011
Disclosure: I work for ArcSight/HP.
Currently supported SmartConnectors:
Snort DB 2010-09-24
Snort File (Legacy) 2010-09-24
Snort Multiple File 2010-09-24
Snort Syslog 2010-09-24
Snort/Barnyard File 2010-02-11
Unified2 is not supported and I have no updates. ULF (Unified1) is.
I am working on the CEF output plugin for Barnyard2 though.
Randy
On 1/26/2011 12:05 PM, Joshua White - Everis Inc wrote:
> Pablo,
>
> I'm not aware of that capability, however our clients don't necessarily have
> the most up to date version of arcsight either. The standard practice they
> have become accustomed to is to modify a rather generic connector that reads
> syslog. Obviously you're limited to the length of a single syslog record but
> most relevant information can be crammed in.
>
> I'll look more into a connector for unified output, but even if it exists I
> doubt our customers will upgrade.
>
> Josh
>
> On Wednesday, January 26, 2011 11:54:30 am Pablo wrote:
>> Hi Josh, out of curiosity, so arcsight doesn't have a connector for
>> snort unified output? Sometime ago I read that they did a patch for
>> barnyard, and I guess this makes the process of collection a bit
>> longer/complex. Am I wrong? Has this changed?
>> Thanks
>>
>> 2011/1/26 Joshua White - Everis Inc <jwhite at everisinc.com>:
>>> I'm interested in this as well, if we can log alerts to syslog then we
>>> can write an arcsight connector that much easier.
>>>
>>> Josh
>>>
>>> On Wednesday, January 26, 2011 08:25:57 am Martin Beyer wrote:
>>>> Hi all,
>>>>
>>>> is it planned to add support for logging alerts to syslog anytime soon?
>>>> Currently syslog only works for start/stop messages, right? Would be nice
>>>> to have the possibility of logging alerts to syslog.
>>>>
>>>> Regards
>>>> Martin
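Josh's approach above (feed a generic syslog-reading ArcSight connector, accepting that everything has to fit in one syslog record) and Randy's CEF plugin both come down to the same formatting problem. The following is an added example written for this archive page; it is not code from this thread, from Barnyard2, or from the ArcSight connector. It builds one alert as a CEF message (`CEF:Version|Vendor|Product|Version|Signature ID|Name|Severity|Extension`, escaping per the CEF specification), wraps it in RFC 3164 syslog framing, and when the record would exceed the size limit it drops the least important extension fields whole instead of cutting mid `key=value`, so the connector's parser never sees a broken field. The alert contents, the extension key names (`src`, `spt`, `dst`, `dpt`, `proto`, `msg`), the `suricata` tag and the 1024-byte limit are all constructed assumptions for the demonstration, not values taken from any product.

```python
import datetime
from typing import Dict, List, Tuple

CEF_VERSION = 0
# Assumption: the traditional RFC 3164 ceiling for a whole syslog packet.
# Real receivers differ (RFC 5424 only requires 480 octets), so it is a parameter.
MAX_SYSLOG_BYTES = 1024

# Constructed sample alert; not taken from any real sensor or rule set.
SAMPLE_ALERT: Dict[str, object] = {
    "vendor": "ExampleVendor",
    "product": "ExampleIDS",
    "version": "1.0",
    "sid": "2001234",
    "name": "EXAMPLE POLICY test|pipe in name",  # the '|' exercises header escaping
    "severity": 3,
}
# Extension fields ordered most important first; the key names are assumed here.
SAMPLE_EXTENSIONS: List[Tuple[str, str]] = [
    ("src", "10.0.0.5"),
    ("spt", "51234"),
    ("dst", "192.0.2.10"),
    ("dpt", "80"),
    ("proto", "TCP"),
    ("msg", "key=value"),  # the '=' exercises extension escaping
]
SAMPLE_TS = datetime.datetime(2011, 1, 26, 11, 54, 30)


def cef_escape_header(value: object) -> str:
    """CEF header fields: escape the backslash first, then the '|' separator."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def cef_escape_extension(value: object) -> str:
    """CEF extension values: escape backslash, '=' and line breaks."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def build_cef(alert: Dict[str, object], extensions: List[Tuple[str, str]]) -> str:
    """CEF:Version|Vendor|Product|Version|Signature ID|Name|Severity|Extension"""
    header = "|".join(cef_escape_header(alert[k]) for k in
                      ("vendor", "product", "version", "sid", "name", "severity"))
    ext = " ".join(f"{k}={cef_escape_extension(v)}" for k, v in extensions)
    return f"CEF:{CEF_VERSION}|{header}|{ext}"


def syslog_line(facility: int, severity: int, host: str, tag: str,
                msg: str, ts: datetime.datetime) -> str:
    """RFC 3164 framing: <PRI>Mmm dd hh:mm:ss host tag: msg (day is space-padded)."""
    pri = facility * 8 + severity
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} {tag}: {msg}"


def alert_to_syslog(alert: Dict[str, object], extensions: List[Tuple[str, str]],
                    host: str, ts: datetime.datetime, limit: int = MAX_SYSLOG_BYTES,
                    facility: int = 20, severity: int = 4, tag: str = "suricata") -> str:
    """Emit one syslog record. If it would exceed `limit` bytes, drop trailing
    (least important) extension fields whole rather than cutting a key=value
    pair in half, so the record always stays parseable by the connector."""
    fields = list(extensions)
    while True:
        line = syslog_line(facility, severity, host, tag, build_cef(alert, fields), ts)
        if len(line.encode("utf-8")) <= limit or not fields:
            return line
        fields.pop()


if __name__ == "__main__":
    # A 2000-byte payload field forces the size check to drop it.
    big = SAMPLE_EXTENSIONS + [("payload", "A" * 2000)]
    print(alert_to_syslog(SAMPLE_ALERT, big, "sensor01", SAMPLE_TS))
```

Putting the fields the analyst needs most (addresses, ports, signature id) at the front of the extension list is what makes the drop-from-the-end strategy safe; a payload dump or a long packet summary belongs last. Sending the resulting string over UDP to the connector host is a one-line `socket.sendto`, left out here so the example runs offline.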