[Bro] Bro IDS logging via Syslog

Jesse Bowling jessebowling at gmail.com
Wed Feb 27 11:53:38 PST 2013


There is almost certainly a better way to do it within the Bro framework
itself, but another option might be to use built in (?) rsyslog:

http://ossectools.blogspot.com/2011/09/bro-quickstart-cluster-edition.html

About halfway down there are instructions for using rsyslog's imfile module
to syslog Bro's logs...

Cheers,

Jesse

On Wed, Feb 27, 2013 at 1:51 PM, Ron Jenkins <rjenkins at rmjconsulting.net> wrote:

> Is there a way to have Bro v2.1 send via Syslog along with a log file?
>
> Thanks!
>
> Ron Jenkins (SnortCP, VCP (3/4), MCNE, CNE6, MCP, CCNA)
> RMJ Consulting, LLC. "Bringing Companies and Solutions Together"
> Makers of Active Response System (ARS) & Log Siphon
> Owner / Senior Architect
>
> Physical Address
> 11715 Bricksome Ave STE B-7
> Baton Rouge, LA 70816
>
> Mail Address
> 7575 Jefferson Hwy #103
> Baton Rouge, LA 70806
>
> Toll: 855-448-5214
> Direct. 225-448-5214
> Fax. 225-448-5324
> Cell. 225-931-1632
> Email. rjenkins at rmjconsulting.net
> Web. http://www.rmjconsulting.net
> ARS. http://www.rmjars.com
> Log Siphon. http://www.logsiphon.com
> Linkedin. http://www.linkedin.com/profile/view?id=28564151&trk=tab_pro



-- 
Jesse Bowling
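
The imfile approach mentioned in the message above, sketched as an added example (not taken from the linked post, the thread, or the Bro project). It assumes Bro writes its live logs under /usr/local/bro/logs/current/, uses facility local7, and forwards to a placeholder collector named loghost.example.com; it uses rsyslog's legacy directive syntax.

```conf
# /etc/rsyslog.d/60-bro.conf   (file name is an assumption)
# Assumed: live Bro logs are in /usr/local/bro/logs/current/ and the
# rsyslog user can read them. loghost.example.com is a placeholder.

# Load the text-file input module once.
$ModLoad imfile

# --- conn.log ---------------------------------------------------------
$InputFileName /usr/local/bro/logs/current/conn.log
$InputFileTag bro_conn:
# State file keeps the read offset so a restart does not resend the file.
$InputFileStateFile stat-bro_conn
$InputFileSeverity info
$InputFileFacility local7
# Activates the monitor described by the directives above.
$InputRunFileMonitor

# --- notice.log -------------------------------------------------------
$InputFileName /usr/local/bro/logs/current/notice.log
$InputFileTag bro_notice:
$InputFileStateFile stat-bro_notice
$InputFileSeverity warning
$InputFileFacility local7
$InputRunFileMonitor

# How often (seconds) the monitored files are checked for new lines.
$InputFilePollInterval 1

# Forward everything tagged above to the collector over TCP (@@).
# A single @ would send over UDP instead.
# Bro's '#'-prefixed header lines are shipped too, since imfile sends
# every line; filter them on the collector if they are not wanted.
local7.* @@loghost.example.com:514
```

Bro keeps writing its normal log files, so this gives syslog delivery alongside the files rather than instead of them. Each additional log (dns.log, http.log, and so on) needs its own block with a unique tag and state file.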