[Oisf-users] Output FAST formatted logs to syslog?

Duane Howard duane.security at gmail.com
Wed May 13 22:31:33 UTC 2015


<rant>I hate barnyard</rant> =)
Thanks I also hadn't considered that.

Cheers,
./d

On Wed, May 13, 2015 at 3:26 PM, Andreas Moe <moe.andreas at gmail.com> wrote:

> You could use unified2 logging and barnyard2 to parse them. Then you could
> get it to syslog, and also the associated packet for that alert.
> On 14 May 2015 00:24 "Duane Howard" <duane.security at gmail.com> wrote:
>
>> Trying to figure out if the best way to syslog Snort/fast style alerts
>> from Suricata is to output to a file, and configure syslog to pick that up,
>> since suricata.yaml doesn't seem to allow 'syslog' as a target, like Eve
>> does.
>>
>> fast:
>> filetype: 'regular', 'unix_stream' or 'unix_dgram'
>>
>> Eve:
>> type: file #file|*syslog*|unix_dgram|unix_stream
>> -- additional syslog options here.
>>
>> Any other hacks or workarounds that I should be aware of? Why isn't
>> syslog a supported output mechanism for fast type alerts?
>>
>> ./d
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 4 & 5 in Barcelona:
>> http://oisfevents.net
>>
>
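Not from the thread or from the Suricata project, but an added example of the file-based workaround Duane describes: a small Python forwarder that parses fast.log alert lines and relays them to syslog with a severity taken from the alert priority. The fast.log layout is the documented one; the sample line is constructed, and the /dev/log socket path, the priority-to-level mapping and the key=value message layout are my assumptions.

```python
import logging
import logging.handlers
import re

# One Suricata fast.log alert line (IPv4 only; ports are absent for ICMP alerts).
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<class>[^\]]*)\]\s+)?\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>\S+?)(?::(?P<dport>\d+))?$")
# Suricata priority 1 is the most severe; map it onto logging/syslog levels (an assumption).
PRIORITY_LEVELS = {1: logging.CRITICAL, 2: logging.ERROR, 3: logging.WARNING}
# Constructed sample in fast.log format, not an alert taken from the thread.
SAMPLE_LINE = ("05/13/2015-15:24:00.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE "
               "id check returned root [**] [Classification: Potentially Bad Traffic] "
               "[Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:51234")

def parse_fast_line(line):
    """Return the alert fields as a dict, or None if the line is not a fast.log alert."""
    m = FAST_RE.match(line.strip())
    return m.groupdict() if m else None

def syslog_level(priority):
    return PRIORITY_LEVELS.get(int(priority), logging.INFO)

def to_syslog_message(fields):
    """key=value rendering so the syslog consumer need not re-parse the bracket layout."""
    f = dict(fields, sport=fields["sport"] or "-", dport=fields["dport"] or "-")
    return ("suricata ts={ts} sid={sid} rev={rev} prio={prio} proto={proto} "
            "src={src} sport={sport} dst={dst} dport={dport} msg=\"{msg}\"").format(**f)

def make_syslog_logger(address="/dev/log"):
    """Logger bound to the local syslog socket; the socket path is an assumption."""
    logger = logging.getLogger("suricata-fast")
    logger.setLevel(logging.INFO)
    logger.addHandler(logging.handlers.SysLogHandler(address=address))
    return logger

def forward(lines, logger):
    """Relay each alert via logger.log(); returns (forwarded, unparsed) so drops are visible."""
    forwarded = unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        fields = parse_fast_line(line)
        if fields is None:
            unparsed += 1
            continue
        logger.log(syslog_level(fields["prio"]), to_syslog_message(fields))
        forwarded += 1
    return forwarded, unparsed
```

To run it against the live file, pipe a tail of the fast.log path configured in suricata.yaml into a loop that calls forward(sys.stdin, make_syslog_logger()); the unparsed count exists so that a future change in the fast format shows up instead of silently dropping alerts.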