List: loganalysis
Subject: [logs] How to forward syslog message to a central syslog server using snort
From: "Héroux,_Christian" <Christian.Heroux () etsmtl ! ca>
Date: 2003-03-17 22:04:15
Hello!

I have a few network devices that can't be in my management network. I read about stealth logging using Snort, but it seems limited. I can collect packets via a port span (Cisco). Snort gets the syslog packets, but I can't send the payload (the syslog message) with Snort's syslog output. The only thing I can do is log the payload to a file. Is there any tool that would read a file and send the content to a syslog server? Any other suggestions?

Thanks

Christian Heroux
_______________________________________________
LogAnalysis mailing list
LogAnalysis@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/loganalysis
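
On the question above about a tool that reads a file and sends its content to a syslog server: the following is an added example, not part of the original post or of Snort. It assumes the captured payloads have been written one syslog message per line; the function names, the sample lines and the file and server arguments are hypothetical.

```python
import re
import socket

PRI_RE = re.compile(r"^<(\d{1,3})>")
DEFAULT_PRI = 13    # user.notice, applied when a line carries no usable <PRI>
MAX_LEN = 1024      # RFC 3164 limit for one syslog packet

# Constructed sample input standing in for the file of logged payloads.
SAMPLE_LINES = [
    "<189>42: Mar 17 22:01:07: %LINK-5-CHANGED: Interface Fa0/3, changed state to down",
    "",
    "%SYS-5-CONFIG_I: Configured from console by vty0",
]

def to_datagram(line, default_pri=DEFAULT_PRI):
    """Turn one captured payload line into a syslog datagram, or None if blank."""
    text = line.strip()
    if not text:
        return None
    m = PRI_RE.match(text)
    # Valid PRI is facility*8 + severity, so 0..191. Keep the device's own
    # value when present; otherwise prepend a default so the server parses it.
    if m is None or int(m.group(1)) > 191:
        text = f"<{default_pri}>{text}"
    return text.encode("utf-8", "replace")[:MAX_LEN]

def forward_lines(lines, server, port=514):
    """Send each payload line as its own UDP datagram; return the count sent."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            dgram = to_datagram(line)
            if dgram is not None:
                sock.sendto(dgram, (server, port))
                sent += 1
    return sent

if __name__ == "__main__":
    import sys
    # usage: forward.py <payload-file> <syslog-server>
    path, server = sys.argv[1], sys.argv[2]
    with open(path, encoding="utf-8", errors="replace") as fh:
        print(forward_lines(fh, server), "messages forwarded")
```

The central server will see the forwarding host as the packet source, so the originating device is only identifiable if its name or address appears in the message text itself.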