[Oisf-devel] Logging alerts to syslog
Joshua White - Everis Inc
jwhite at everisinc.com
Wed Jan 26 17:05:32 UTC 2011
Pablo,
I'm not aware of that capability, however our clients don't necessarily have
the most up to date version of arcsight either. The standard practice they
have become accustomed to is to modify a rather generic connector that reads
syslog. Obviously you're limited to the length of a single syslog record but
most relevant information can be crammed in.
I'll look more into a connector for unified output, but even if it exists I
doubt our customers will upgrade.
Josh
On Wednesday, January 26, 2011 11:54:30 am Pablo wrote:
> Hi Josh, out of curiosity, so arcsight doesn't have a connector for
> snort unified output? Some time ago I read that they did a patch for
> barnyard, and I guess this makes the process of collection a bit
> longer/complex. Am I wrong? Has this changed?
> Thanks
>
> 2011/1/26 Joshua White - Everis Inc <jwhite at everisinc.com>:
> > I'm interested in this as well, if we can log alerts to syslog then we
> > can write an arcsight connector that much easier.
> >
> > Josh
> >
> > On Wednesday, January 26, 2011 08:25:57 am Martin Beyer wrote:
> >> Hi all,
> >>
> >> is it planned to add support for logging alerts to syslog anytime soon?
> >> Currently syslog only works for start/stop messages, right? Would be nice
> >> to have the possibility of logging alerts to syslog.
> >>
> >> Regards
> >> Martin
> >> _______________________________________________
> >> Oisf-devel mailing list
> >> Oisf-devel at openinfosecfoundation.org
> >> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> >
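The approach Josh describes above (a generic connector that reads syslog, with every alert squeezed into a single record) is easy to prototype outside Suricata itself. The following is an added example written for this thread, not code from Suricata, barnyard or ArcSight: it parses alert lines in the fast.log layout that Suricata writes, packs the fields that a SIEM correlates on into a fixed key=value prefix, and puts the free-text signature message last so that only it gets truncated when the 1024-byte per-record size that RFC 3164 recommends is exceeded. The sample alert lines, the hostname/tag values and the key=value layout are constructed for illustration; an IPv6 address without brackets would be split incorrectly by the port regex.

```python
"""Pack Suricata-style alert lines into single syslog records.

Added example for this thread, not Suricata or ArcSight code. It assumes
the fast.log line layout (timestamp, [**] gid:sid:rev block, signature text,
optional classification, priority, {proto}, src[:port] -> dst[:port]) and a
1024-byte cap per record (the RFC 3164 recommendation). Sample lines, the
sensor hostname, the syslog tag and the key=value layout are all constructed.
"""
import logging
import logging.handlers
import re

# Constructed sample alerts in fast.log layout (not real captures).
SAMPLE_FAST_LOG = [
    "01/26/2011-11:54:30.123456  [**] [1:2008124:5] ET TROJAN Likely Bot Nick in IRC "
    "[**] [Classification: A Network Trojan was detected] [Priority: 1] "
    "{TCP} 192.0.2.10:49152 -> 198.51.100.7:6667",
    "01/26/2011-11:55:02.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root "
    "[**] [Classification: Potentially Bad Traffic] [Priority: 2] "
    "{TCP} 198.51.100.7:80 -> 192.0.2.10:49153",
]

MAX_RECORD = 1024  # RFC 3164 suggests keeping a whole syslog packet within 1024 bytes

# One regex for the fast.log layout; ports are optional so ICMP lines parse too.
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\S+?)(?::(?P<dport>\d+))?$"
)


def parse_fast_log_line(line):
    """Return a dict of alert fields, or None if the line is not an alert."""
    m = FAST_LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def to_syslog_record(alert, hostname="sensor1", tag="suricata", max_len=MAX_RECORD):
    """Render one alert as a single syslog MSG no longer than max_len bytes.

    Fixed-width, correlation-relevant fields go first; the signature text is
    last and is the only thing truncated, so sid/src/dst always survive.
    """
    fields = [
        ("sid", alert["sid"]),
        ("rev", alert["rev"]),
        ("pri", alert["priority"]),
        ("proto", alert["proto"]),
        ("src", alert["src"]),
        ("spt", alert["sport"] or "-"),
        ("dst", alert["dst"]),
        ("dpt", alert["dport"] or "-"),
        ("class", '"%s"' % (alert["classification"] or "-").replace('"', "'")),
    ]
    head = "%s %s: " % (hostname, tag) + " ".join("%s=%s" % kv for kv in fields) + " msg="
    budget = max_len - len(head.encode()) - 2  # 2 bytes for the surrounding quotes
    if budget < 4:
        raise ValueError("fixed fields alone exceed max_len=%d" % max_len)
    msg = alert["msg"].replace('"', "'")
    if len(msg.encode()) > budget:
        # Cut on bytes, not characters, since the limit is a wire-size limit.
        msg = msg.encode()[: budget - 3].decode(errors="ignore") + "..."
    return head + '"' + msg + '"'


def records_from_lines(lines, **kwargs):
    """Convert every parseable alert line into a syslog record, skipping the rest."""
    out = []
    for line in lines:
        alert = parse_fast_log_line(line)
        if alert is not None:
            out.append(to_syslog_record(alert, **kwargs))
    return out


def send_to_syslog(records, address="/dev/log"):
    """Hand the records to the local syslog daemon (not exercised offline)."""
    handler = logging.handlers.SysLogHandler(address=address)
    log = logging.getLogger("alert-forwarder")
    log.addHandler(handler)
    for rec in records:
        log.warning("%s", rec)


if __name__ == "__main__":
    for rec in records_from_lines(SAMPLE_FAST_LOG):
        print(rec)
```

The key=value layout is deliberately flat and prefix-first: a connector that only understands one line per event can map the fixed keys to its own schema, and if the signature message is cut off nothing that identifies the flow or the rule is lost.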