[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-users
Subject: Re: [Snort-users] Configure output alert_syslog
From: "Joel Esler \(jesler\) via Snort-users" <snort-users () lists ! snort ! org>
Date: 2020-03-25 14:26:53
Message-ID: 558A7A59-0AA4-4BCF-B6FD-DFD681EC5ACD () cisco ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Please have a look at our archives:
https://lists.snort.org/pipermail/snort-users/ \
<https://lists.snort.org/pipermail/snort-users/>
There's 20 years of questions and answers in there. Take a look here:
https://lists.snort.org/pipermail/snort-users/2018-September/071741.html \
<https://lists.snort.org/pipermail/snort-users/2018-September/071741.html>
--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org
> On Mar 24, 2020, at 10:01 AM, Ekrem AYDIN <Ekrem.AYDIN@arhs-cube.com> wrote:
>
> Hello,
>
> I installed Snort3 on Ubuntu 19.
> I now want to configure the output to be saved in logs and not in csv files.
> However, I can't configure the alert_syslog output in the snort.lua file to store \
> data in logs. I am sending you an attached screen of the file.
> Can you please help me ?
>
> Best regards,
>
> Ekrem AYDIN
> IT Trainee
> Email : ekrem.aydin@arhs-cube.com <mailto:ekrem.aydin@arhs-cube.com>
>
> 13, Boulevard du Jazz
> L-4370 Belvaux
> www.arhs-cube.com <http://www.arhs-cube.com/>
>
>
> <ScreenFile.PNG>_______________________________________________
> Snort-users mailing list
> Snort-users@lists.snort.org <mailto:Snort-users@lists.snort.org>
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users \
> <https://lists.snort.org/mailman/listinfo/snort-users>
> To unsubscribe, send an email to:
> snort-users-leave@lists.snort.org <mailto:snort-users-leave@lists.snort.org>
>
> Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all \
> the latest Snort news!
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette \
> <https://snort.org/faq/what-is-the-mailing-list-etiquette>
[Attachment #5 (unknown)]
<html><head><meta http-equiv="Content-Type" content="text/html; \
charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; \
line-break: after-white-space;" class="">Please have a look at our archives:<div \
class=""><br class=""></div><div class=""><a \
href="https://lists.snort.org/pipermail/snort-users/" \
class="">https://lists.snort.org/pipermail/snort-users/</a></div><div class=""><br \
class=""></div><div class="">There's 20 years of questions and answers in there. \
Take a look here:<br class=""><div class=""><br class=""></div><div class=""><a \
href="https://lists.snort.org/pipermail/snort-users/2018-September/071741.html" \
class="">https://lists.snort.org/pipermail/snort-users/2018-September/071741.html</a></div><div \
class=""><br class=""></div><div class=""><div class="">-- </div><div \
class="">Joel Esler</div><div class="">Manager, Communities Division</div><div \
class="">Cisco Talos Intelligence Group</div><div class=""><a \
href="http://www.talosintelligence.com" class="">http://www.talosintelligence.com</a> \
| <a href="https://www.snort.org" class="">https://www.snort.org</a></div><div><br \
class=""><blockquote type="cite" class=""><div class="">On Mar 24, 2020, at 10:01 AM, \
Ekrem AYDIN <<a href="mailto:Ekrem.AYDIN@arhs-cube.com" \
class="">Ekrem.AYDIN@arhs-cube.com</a>> wrote:</div><br \
class="Apple-interchange-newline"><div class=""><div class="WordSection1" \
style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;"><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; \
font-family: Calibri, sans-serif;" class="">Hello,<o:p class=""></o:p></div><div \
style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" \
class=""><o:p class=""> </o:p></div><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" \
class="">I installed Snort3 on Ubuntu 19.<span \
class="Apple-converted-space"> </span><o:p class=""></o:p></span></div><div \
style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" \
class=""><span lang="EN-US" class="">I now want to configure the output to be saved \
in logs and not in csv files.<o:p class=""></o:p></span></div><div style="margin: 0cm \
0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span \
lang="EN-US" class="">However, I can't configure the alert_syslog output in the \
snort.lua file to store data in logs.<o:p class=""></o:p></span></div><div \
style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" \
class=""><span lang="EN-US" class="">I am sending you an attached screen of the \
file.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" \
class="">Can you please help me ?<o:p class=""></o:p></span></div><div style="margin: \
0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span \
lang="EN-US" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm \
0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span \
lang="EN-US" class="">Best regards,<o:p class=""></o:p></span></div><div \
style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" \
class=""><span lang="EN-US" class=""><o:p class=""> </o:p></span></div><table \
class="MsoNormalTable" border="0" cellspacing="4" cellpadding="0"><tbody class=""><tr \
class=""><td width="100%" style="width: 320.984375px; padding: 0.75pt;" class=""><div \
style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" \
class=""><b class=""><span style="font-size: 10.5pt; font-family: Arial, sans-serif; \
color: rgb(51, 63, 72);" class="">Ekrem AYDIN</span></b><span style="font-size: \
10.5pt; font-family: Arial, sans-serif; color: rgb(51, 63, 72);" class=""><br \
class="">IT Trainee<o:p class=""></o:p></span></div></td></tr><tr class=""><td \
width="100%" style="width: 320.984375px; padding: 0.75pt;" class=""><div \
style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" \
class=""><span lang="EN-GB" style="font-size: 10.5pt; font-family: Arial, \
sans-serif;" class="">Email :</span><span lang="EN-GB" style="font-size: 9pt; \
font-family: Arial, sans-serif;" class=""><span \
class="Apple-converted-space"> </span></span><b class=""><u class=""><span \
lang="EN-GB" style="font-size: 9pt; font-family: Arial, sans-serif;" \
class=""> </span></u></b><b class=""><u class=""><span lang="EN-GB" \
style="font-size: 9pt; font-family: Arial, sans-serif; color: gray;" class=""><a \
href="mailto:ekrem.aydin@arhs-cube.com" style="color: rgb(149, 79, 114); \
text-decoration: underline;" class=""><span style="color: rgb(5, 99, 193);" \
class="">e</span><span lang="FR-BE" style="color: rgb(5, 99, 193);" \
class="">krem.aydin</span><span style="color: rgb(5, 99, 193);" \
class="">@arhs-cube.com</span></a></span></u></b><span lang="EN-GB" \
class=""></span><span class=""><o:p class=""></o:p></span></div></td></tr><tr \
class=""><td width="100%" style="width: 320.984375px; padding: 0.75pt;" \
class=""><table class="MsoNormalTable" border="0" cellspacing="4" \
cellpadding="0"><tbody class=""><tr class=""><td width="100%" style="width: \
310.984375px; padding: 0.75pt;" class=""><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: \
10.5pt; font-family: Arial, sans-serif; color: rgb(51, 63, 72);" class=""><img \
border="0" width="311" height="124" id="_x0000_i1025" \
src="http://www.arhs-group.com/wp-content/uploads/2017/03/arhs-cube.png" \
style="width: 3.2395in; height: 1.2916in;" class=""></span><span style="font-size: \
10.5pt; font-family: Arial, sans-serif; color: rgb(51, 63, 72);" class=""><o:p \
class=""></o:p></span></div></td></tr></tbody></table></td></tr><tr class=""><td \
width="100%" style="width: 320.984375px; padding: 0.75pt;" class=""><div \
style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" \
class=""><span style="font-size: 10.5pt; font-family: Arial, sans-serif; color: \
rgb(51, 63, 72);" class="">13, Boulevard du Jazz<br class="">L-4370 Belvaux<br \
class=""><a href="http://www.arhs-cube.com/" style="color: rgb(149, 79, 114); \
text-decoration: underline;" class=""><b class=""><span style="color: rgb(237, 139, \
0);" class="">www.arhs-cube.com</span></b></a></span><span style="font-size: 10.5pt; \
font-family: Arial, sans-serif; color: rgb(51, 63, 72);" class=""><o:p \
class=""></o:p></span></div></td></tr></tbody></table><div style="margin: 0cm 0cm \
0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span \
class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; \
font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p \
class=""> </o:p></div></div><span \
id="cid:066FE8B7-A914-404D-8A3A-33D661847795@vrt.sourcefire.com"><ScreenFile.PNG></span><span \
style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" \
class="">_______________________________________________</span><br \
style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: \
12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none; float: none; display: inline !important;" class="">Snort-users \
mailing list</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""><a href="mailto:Snort-users@lists.snort.org" \
style="color: rgb(149, 79, 114); text-decoration: underline; font-family: Helvetica; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; \
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" \
class="">Snort-users@lists.snort.org</a><br style="caret-color: rgb(0, 0, 0); \
font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: \
normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: \
0px; text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span \
style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">Go to this URL to change user \
options or unsubscribe:</span><br style="caret-color: rgb(0, 0, 0); font-family: \
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><a \
href="https://lists.snort.org/mailman/listinfo/snort-users" style="color: rgb(149, \
79, 114); text-decoration: underline; font-family: Helvetica; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; \
-webkit-text-stroke-width: 0px;" \
class="">https://lists.snort.org/mailman/listinfo/snort-users</a><br \
style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: \
12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""><span class="Apple-tab-span" style="caret-color: \
rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; \
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: \
start; text-indent: 0px; text-transform: none; white-space: pre; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;"> </span><span \
style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">To unsubscribe, send an email \
to:</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: \
12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""><span class="Apple-tab-span" style="caret-color: \
rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; \
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: \
start; text-indent: 0px; text-transform: none; white-space: pre; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;"> </span><a \
href="mailto:snort-users-leave@lists.snort.org" style="color: rgb(149, 79, 114); \
text-decoration: underline; font-family: Helvetica; font-size: 12px; font-style: \
normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; \
orphans: auto; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; \
-webkit-text-stroke-width: 0px;" class="">snort-users-leave@lists.snort.org</a><br \
style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: \
12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: \
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline \
!important;" class="">Please visit<span \
class="Apple-converted-space"> </span></span><a href="http://blog.snort.org/" \
style="color: rgb(149, 79, 114); text-decoration: underline; font-family: Helvetica; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; \
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" \
class="">http://blog.snort.org</a><span style="caret-color: rgb(0, 0, 0); \
font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: \
normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: \
0px; text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline \
!important;" class=""><span class="Apple-converted-space"> </span>to stay \
current on all the latest Snort news!</span><br style="caret-color: rgb(0, 0, 0); \
font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: \
["smime.p7s" (smime.p7s)]
0� *H
��� 0���1�0
� `H�e������0� *H
����� �0�n0�V �����
a�m������0
� *H
�����051�0���U�
�
Cisco Systems1�0���U����Cisco Root CA 20480��
140404202418Z�
290514202542Z0,1�0���U�
��Cisco1�0���U����Cisco Employee CA0�"0
� *H
���������0�
����~�LS�#Vƹe
�LEg���m_7*{�Pɿ=/<��5︥QNٰS ,,e�ok_@
PD�MLF�H�c'��n�Ce�/}Y]�,}DR \
�Y�1BB9'ӁbT,&=�Ш�(�<MLK�l�q2$a�qh?wS~�s�Wt^ \
4���uT_,��ewR"w������0�0�� +����7�������0���U������6]K \
)CQ�Q0�� +����7����� \
�S�u�b�C�A0���U�������0���U������0������0���U�#��0��'��n� �+ \
`_{/0C��U���<0:08 6 \
42http://www.cisco.com/security/pki/crl/crca2048.crl0P��+��������D0B0@��+�����0�4http://www.cisco.com/security/pki/certs/crca2048.cer0\��U� \
�U0S0Q� +���� ����0C0A��+��������5http://www.cisco.com/security/pki/policies/index.html0
� *H
���������>N#�F�^kۊ�4�c�<&]p$`^슄d.�Y�g��M}D#(�Dm!T(laeP�@*n�>��q�I2KJX�L6/
8]TyʅRVw
�!N$2�⾥q-N7/VhFGEk]P%:)AS~W1*gSuw!:Gi'qzs/}ͦx(eÉw^B� \
�1yv:Av AP� )� o��?"?F0� 0� �����
��h08J+0
� *H
�����0,1�0���U�
��Cisco1�0���U����Cisco Employee CA0��
181121000000Z�
201120001000Z01�0���U����Joel Esler (jesler)1�0���U����Cisco \
Users1�0���U��� Employees1�0�� &,d����com1�0��
&,d����cisco1�0�� *H
� ���jesler@cisco.com0�"0
� *H
���������0�
����X|`D2\I%B̸[eeqB�!;m�>X^�v�2^� 0(!�Q}o
!F@�<�Y
8be|���YO;W6m"AN6hCK
;�MU 2G�\H���0wWIǦ2#ʓ*rG=g.��L"@B<K>�vAi*)=j�Mn?C�3:ޛ0R2ۏ�ݍn(LT�.}�Vn�̢
������X0�T0���U���������0���U������0�0z��+��������n0l0<��+�����0�0http://www.cisco.com/security/pki/certs/ceca.cer0,��+�����0� \
http://pkicvs.cisco.com/pki/ocsp0���U�#��0��6]K )CQ�Q0:��U���3010/ - \
+)http://ciscocerts.cisco.com/file/ceca.crl0���U����0��jesler@cisco.com0���U������4�Kh��c"𥕑�0���U�%��0��
+����7
����+�������0
� *H
���������7%r3}RG5{Rz8J�̅W7n3� \
�蛭�/R�ڢ�~T1-IF}B.hB�,gEk /�ZlCuvfOs!% \
x�ofoc]O.ur�MK#4ˉj*X;!%�?m��)DTjJ!h�dR!{i0'UЪu \
�>@} |`]%)��fC���]2ˇkU��J�GZuzuҹY�ŪJ#��_{�1�j0�f���0:0,1�0���U�
��Cisco1�0���U����Cisco Employee CA�
��h08J+0
� `H�e������ ��0�� *H
� �1�� *H
���0�� *H
� �1��
200325142652Z0/� *H
� �1"� �s>ߤen�4ܪ�9Kr0I� +����7��1<0:0,1�0���U�
��Cisco1�0���U����Cisco Employee CA�
��h08J+0K��*H
� ���1< :0,1�0���U�
��Cisco1�0���U����Cisco Employee CA�
��h08J+0
� *H
���������`ћ�ϔr7B(~��TEx�E:n�vt�Xy8C4�D
u=MN ? *ṱ�pd[͵�,�m�)m>Y��1د�4u*T�/ZPxݺ)TѼ7�!V(1H;K~uҴ|vj$ٙB
m8z9;]9w��*+&[3�8Cu�L��%ZU�Y_SrZЛ9a�b������
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
To unsubscribe, send an email to:
snort-users-leave@lists.snort.org
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
--===============6473401333243385993==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic