[syslog-ng]Snort and Syslog-ng
Walt Rich
syslog-ng@lists.balabit.hu
Thu, 14 Oct 2004 17:57:03 -0500
This is a multi-part message in MIME format.
------_=_NextPart_001_01C4B241.1EF98F73
Content-Type: multipart/alternative;
boundary="----_=_NextPart_002_01C4B241.1EF98F73"
------_=_NextPart_002_01C4B241.1EF98F73
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
I need to create a source for snort using syslog-ng. I'm trying to get
all snort alerts logged to one specific file, and only want to see the
snort alerts and not any others.
=20
Any assistance is appreciated.
=20
Thanks!
=20
________________________________
| Walt Rich | Sr. Network Engineer | Parago, Inc. | 972.538.7253 |=20
walt.rich@parago.com |
=20
------_=_NextPart_002_01C4B241.1EF98F73
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1476" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D552325522-14102004><FONT face=3DArial size=3D2>I need =
to create a=20
source for snort using syslog-ng. I'm trying to get all snort =
alerts=20
logged to one specific file, and only want to see the snort alerts and =
not any=20
others.</FONT></SPAN></DIV>
<DIV><SPAN class=3D552325522-14102004><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D552325522-14102004><FONT face=3DArial size=3D2>Any =
assistance is=20
appreciated.</FONT></SPAN></DIV>
<DIV><SPAN class=3D552325522-14102004><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D552325522-14102004><FONT face=3DArial=20
size=3D2>Thanks!</FONT></SPAN></DIV>
<DIV align=3Dleft>
<TABLE cellSpacing=3D0 cellPadding=3D0 width=3D"100%" border=3D0>
<TBODY>
<TR>
<TD vAlign=3Dtop> </TD>
<TD vAlign=3Dtop>
<DIV align=3Dright><IMG height=3D48 alt=3D"Parago Logo"=20
src=3D"http://www.parago.com/images/parago_logo_for_email.gif" =
width=3D108=20
border=3D0></DIV></TD></TR>
<TR>
<TD colSpan=3D2>
<HR width=3D"100%" color=3D#666666 noShade SIZE=3D1>
</TD></TR>
<TR>
<TD colSpan=3D2>
<DIV align=3Dleft><SPAN class=3DEmailStyle17><FONT =
face=3D"Trebuchet MS"=20
size=3D2>| <B>Walt Rich</B> | Sr. Network =
Engineer | Parago,=20
Inc. | 972.538.7253 | <SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: 'Trebuchet MS'"><A=20
=
href=3D"mailto:walt.rich@parago.com">walt.rich@parago.com</A></SPAN>=20
=
|</FONT></SPAN></FONT></SPAN></DIV></TD></TR></TBODY></TABLE></DIV>
<DIV> </DIV></BODY></HTML>
------_=_NextPart_002_01C4B241.1EF98F73--
------_=_NextPart_001_01C4B241.1EF98F73
Content-Type: image/gif;
name="parago_logo_for_email.gif"
Content-Transfer-Encoding: base64
Content-Description: parago_logo_for_email.gif
Content-Location: http://www.parago.com/images/parago_logo_for_email.gif
R0lGODlhbAAwAPcAAN9VAVFRUdfX1/Lk7mVlZcXFxZgmh4iIiOZlDbe3t/q4fMN9r+ybaeNqIOnN
4WxsbNnZ2eVlEWFhYf/15UhISKampn0AUXR0dHoATfXQueFZBevr65ycnOfn57m5uYIAVmpqao2N
ja6uruRtJPO9noKCgv/yx6mpqeVpFerq6uRpHdanyFlZWUpKSuFVAD09PZ4sfeNoHYUAYPv7+7Gx
sUxMTI6Ojnt7e6I7kvDw8Ly8vJIUc6GhoeZ5Nfru5owCZaysrJWVlaqqqtDQ0IYAXXJycjw8PP/S
oMDAwF1dXeJmG9q86H5+fvX19Y4HZ6SkpOFeDnBwcE5OTuJlGIIAWJqamvfXxOmOVeJoHoIAXlVV
VeRsI87Oznd3d8WBtOBXATk5Ob6+vvvl1eBaCLOzs38AXTY2NuJiEuRnFvv3+rRlsYkAYOJjFYQA
WosAYuJkFrdnrYcBbOFdDY8IaOaCQ+NrIeNoGuFgEeFeDYgAYooAZIgAXkNDQ0FBQUVFRUJCQkRE
REZGRkBAQOHh4UdHR97e3ooAYd/f3+Li4t3d3crKysbGxvj4+Pn5+ePj49zc3Pb29o0EZuDg4LW1
tZeXl48HZ6KiovPz8+FcCtLS0uRoGYGBgeNsI3h4eP7+/s3NzY4FZvXw/KtHjn8AU//pxeNmGNew
2fz8/OVvJPTEp580iu2IPvfv9PGPP82Xx3wAT/GyjP359unp6e6TT/K2jfTKsOdxHPrv6O3t7be8
v/CwiuJfDcjIyP/pzeFhE9Gm2tu115iYmORiDpmam/KdV/CdX4wDZciHtvzn1uHk5+2ofZYdfP70
6owBZIwJcPW2gv/p2vrm2r54t/a9i4SEhPf9/3N5fPvaurFTlvj//+p7Lep0GehyHeJgEOXl5aen
p+FiEP/hs/GmcdCXv+l1H///8Zgcdfayeuvc9eFfD7xupeNnHOhoC+PB2caOzPjbyu/g8v36/OiH
TOiFRv//7eRgCPnGmfng0uXR8tTU1MGBwMqSyO7b6c2QvP7atf///yH5BAAAAAAALAAAAABsADAA
AAj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOqXDkQGwYM
OwawnNkQxoc9a9pQSUOz58E0r9aAquTmwwKfSAcOsOBmzhxjRpNKzbLGCdFRK6SSJKHLB8JatHrh
y6KnWRsYWkXekjMGEwBlBaOlG4OnngJ9MogQSSsSS7oYKpTI6TEwlQY2MRrYQWBixyh+fEHGAqBk
ywhOMbp96QEO05Q6I0bUiXBkH4bIIQFM4TRii4oI2qatQqAJ9JYGpOG8Qg2SDhQlMUpFUJDN3ZIJ
5NDYiYGGnZg4H47x9ugDyxcNKEipKZMlS5wBszRg/79mIM+aUe2me7wn5p+pMnl+NJPh7B8zZP+k
yfgRaU8b9SB5QcUPczhhiAUEBeXEHM180A+AHi3wAYGVrLHbQBYY4pQxVHgBYUfxBAVKJDKoQpAM
eRgTiSFUuHKRIwcI8Q8HF9hQiEEF2HDBBVUQ5EkQJ/xTxQOLCFQIjReE0EhBR15QAi//4CICQQVs
UuMhCI3zgSF5xFFOMS6gYs8SZcggQxYG/CMOAFAwMFEifRAQQB998CFIkQLlE4ARLyTxBx8EDATJ
C1oUIYgZ/zSRBJ81SMEHBVQK8sefhBDShxkeCFQEnX38IUgICIlCRRbwbBPBFFNEQAw6auDwywS2
nP8xxRtjXPFPMhz8EwYEmSw0CAU1PODNP0gAIsgMAuVQQ5ACSdBHIgP5IUUAOqQgUA2gChQCHwkM
VIMfQwhEwLI5CCTEHw8I1EEAf/R60CtwhBOBClu4hgI3/tBzDm11bFHHFC78Y803AlBgAw8LIUJI
oAMF4QcQCCXAhyTRtsBIQgkQAvE/hfARxUCTtHDAQCwAQtAngXSBEAb7HBEBaKLZscsXLmhwBr2h
raMBNNUMUwIBRSCs0CB+3ECQIn5cUJAkHtBQQiCDDARIIAfhsojTLUzJMR8SDFQBITYINMMfUhCU
gx99HMSKBTiYgIAKdTSgBB7yvPNPBmz4EkPcbAT/nEsJjzwCQbdDA9IJQY4AorJABVDA5x8tEBK1
QHyYTNAhWhhhRB8tZO0tBZNA8gi7WP5zCCBGEwQIHweZ00YWwLQizBl3aODmQJ70MMYd6QAAi0SD
8HH4QIkvPoQgUgggEAd+TP4PH6wPtMELUigiUMZa/wPJuIHYma3pgKSrevQEqUOFG12G8sw8V1hx
EAl0tD/RIKgfDUgJAl3gBxcD3dD8QNAjiA0CUYGB0CAQ2esAAaTAgQ0UZAYBJAjaCuKADDmBRMsQ
CSICUQSCBIFbAmEBIWQxkCgQwhEAJN8/LkABMniNAtm7QAuQcAkHFoQFflCeQFAGgoJIiEKGuBBI
/xABrBtc4h804EMLBlICP1BCIEGgAAWsJxBBCIIgHAgEEwSig0C0wBID2UQgKOCHP3CuAANJALo6
8I91/QFPA5FQMwpkIQ1SIAlaEMQLBNECXEivBX3Q46f+EICBmAFRA2EEBTz1ghcEgw9gaMJAkEAD
EYiAEoEQhA3/EQJBBDKQ3xuIA15BBDcYog2GEMkgAoE/D5xgEhcjCCO+cYJvnOIfT9DBQASgQ4Ik
oJZYGoLQkEABoQlkgMwyEgeKIIQbHWQFGBgFU2QSEvqljiQV6EMBB8IEPxAuIg5wAEkk8YfFkSQR
ggCEJXjpsBosCTWPMMLHTFIAFjSykSwIF28QQR4NXaKkEYlIxDs/RNCCGvSgCE2oQhfK0IY69KEg
CQgAOw==
------_=_NextPart_001_01C4B241.1EF98F73--