[Oisf-devel] Logging alerts to syslog

Pablo pablo.rincon.crespo at gmail.com
Wed Jan 26 17:21:56 UTC 2011


Hi,
Googling a bit, I have found what I saw some time ago:
http://pmelson.blogspot.com/2008/02/arcsight-cef-patch-for-snort-barnyard.html

I know that it might be complex to change a large deployment, but
anyway, I hope this helps.

2011/1/26 Joshua White - Everis Inc <jwhite at everisinc.com>:
> Pablo,
>
> I'm not aware of that capability, however our clients don't necessarily have
> the most up to date version of arcsight either. The standard practice they
> have become accustomed to is to modify a rather generic connector that reads
> syslog. Obviously you're limited to the length of a single syslog record but
> most relevant information can be crammed in.
>
> I'll look more into a connector for unified output, but even if it exists I
> doubt our customers will upgrade.
>
> Josh
>
> On Wednesday, January 26, 2011 11:54:30 am Pablo wrote:
>> Hi Josh, out of curiosity, so arcsight doesn't have a connector for
>> snort unified output? Sometime ago I read that they did a patch for
>> barnyard, and I guess this makes the process of collection a bit
>> longer/complex. Am I wrong? Has this changed?
>> Thanks
>>
>> 2011/1/26 Joshua White - Everis Inc <jwhite at everisinc.com>:
>> > I'm interested in this as well, if we can log alerts to syslog then we
>> > can write an arcsight connector that much easier.
>> >
>> > Josh
>> >
>> > On Wednesday, January 26, 2011 08:25:57 am Martin Beyer wrote:
>> >> Hi all,
>> >>
>> >> is it planned to add support for logging alerts to syslog anytime soon?
>> >> Currently syslog only works for start/stop messages, right? Would be nice
>> >> to have the possibility of logging alerts to syslog.
>> >>
>> >> Regards
>> >>    Martin
>> >> _______________________________________________
>> >> Oisf-devel mailing list
>> >> Oisf-devel at openinfosecfoundation.org
>> >> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>> >



-- 

Best regards,

--
Pablo Rincón Crespo
Security researcher and developer
Open Information Security Foundation - http://www.openinfosecfoundation.org
Emerging Threats Pro, INC - http://www.emergingthreatspro.com
------------------------------------
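Josh's remark above, that a syslog-based ArcSight connector is limited to the length of a single syslog record but can still carry most of an alert, is the practical constraint of the approach. The block below is an added example for this thread, not Suricata/OISF code and not the barnyard CEF patch linked above: it formats an IDS alert as an ArcSight CEF record inside an RFC 3164 syslog line, applies the CEF escaping rules (`|` and `\` in the header, `=` and `\` in the extension), and keeps the whole line within the 1024-byte limit RFC 3164 puts on a syslog packet by dropping trailing extension fields whole instead of cutting one in half. The sample alert, the vendor/product strings, the priority-to-severity mapping and the field order are constructed assumptions for the example.

```python
"""Emit an IDS alert as CEF over RFC 3164 syslog, staying within 1024 bytes.

Added example for the oisf-devel thread above; not Suricata/OISF code and not
the barnyard CEF patch. Sample alert and field choices are constructed.
"""
import socket
from datetime import datetime

SYSLOG_MAX_BYTES = 1024  # RFC 3164: a syslog packet MUST be 1024 bytes or less

# Constructed sample alert in Snort/Suricata-style fields (assumption).
SAMPLE_ALERT = {
    "gid": 1, "sid": 2010935, "rev": 2,
    "msg": "ET POLICY Suspicious inbound to MSSQL port 1433",
    "classification": "Potentially Bad Traffic",
    "priority": 2,
    "proto": "TCP",
    "src_ip": "10.0.0.5", "src_port": 51234,
    "dst_ip": "192.0.2.10", "dst_port": 1433,
    "rule": 'alert tcp any any -> $HOME_NET 1433 (msg:"ET POLICY ..."; sid:2010935;)',
}


def _cef_header_escape(value):
    """CEF header fields: backslash and pipe must be escaped."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext_escape(value):
    """CEF extension values: backslash, '=' and line breaks must be escaped."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def cef_prefix(alert, vendor="OISF", product="Suricata", version="1.0"):
    """CEF:0|Vendor|Product|Version|SignatureID|Name|Severity (no extension)."""
    # IDS priority 1 is the most urgent; CEF severity runs 0-10 (mapping assumed).
    severity = {1: 10, 2: 7, 3: 4}.get(alert.get("priority", 3), 1)
    fields = [vendor, product, version,
              "%d:%d:%d" % (alert["gid"], alert["sid"], alert["rev"]),
              alert["msg"], severity]
    return "CEF:0|" + "|".join(_cef_header_escape(f) for f in fields)


def cef_extension_pairs(alert):
    """key=value extension pairs, most important first so truncation drops the bulk."""
    fields = [("src", alert["src_ip"]), ("spt", alert["src_port"]),
              ("dst", alert["dst_ip"]), ("dpt", alert["dst_port"]),
              ("proto", alert["proto"]), ("cat", alert["classification"]),
              ("cs1Label", "rule"), ("cs1", alert.get("rule", ""))]
    return ["%s=%s" % (k, _cef_ext_escape(v)) for k, v in fields]


def syslog_line(alert, hostname="sensor1", tag="suricata",
                facility=4, severity=1, when=None):
    """Wrap the CEF record in an RFC 3164 line: <PRI>TIMESTAMP HOST TAG: MSG."""
    when = when or datetime(2011, 1, 26, 17, 21, 56)  # fixed timestamp for the demo
    pri = facility * 8 + severity                       # 4*8+1 = <33> = auth.alert
    stamp = "%s %2d %s" % (when.strftime("%b"), when.day, when.strftime("%H:%M:%S"))
    prefix = "<%d>%s %s %s: %s|" % (pri, stamp, hostname, tag, cef_prefix(alert))
    pairs = cef_extension_pairs(alert)
    line = prefix + " ".join(pairs)
    # Drop whole trailing key=value pairs until the line fits; a field cut in the
    # middle would make the receiver's CEF parser misread the record.
    while len(line.encode("utf-8")) > SYSLOG_MAX_BYTES and pairs:
        pairs.pop()
        line = prefix + " ".join(pairs)
    return line


def send_udp(line, host="127.0.0.1", port=514):
    """Ship one line to a syslog collector over UDP (not called at import time)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    print(syslog_line(SAMPLE_ALERT))
```

The ordering of the extension pairs is the design choice that matters: addresses, ports and classification come first and the full rule text last, so when a long rule pushes the record over 1024 bytes it is the rule that is dropped, not the tuple the analyst needs. A collector speaking RFC 5424 or syslog over TCP can take longer records, but the connector Josh describes reads generic syslog, so the conservative limit is the safe one.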