[Bro] Bro IDS logging via Syslog

Ron Jenkins rjenkins at rmjconsulting.net
Wed Feb 27 11:56:05 PST 2013


Thank you for the response!

I just completed setting up syslog-ng and now have the log files sending via syslog to Log Siphon.

I agree that it would be great to have it built into the framework directly.

Have a good day!


From: Jesse Bowling [mailto:jessebowling at gmail.com]
Sent: Wednesday, February 27, 2013 1:54 PM
To: Ron Jenkins
Cc: bro at bro-ids.org
Subject: Re: [Bro] Bro IDS logging via Syslog

There is almost certainly a better way to do it within the Bro framework itself, but another option might be to use built in (?) rsyslog:

http://ossectools.blogspot.com/2011/09/bro-quickstart-cluster-edition.html

About halfway down there are instructions for using rsyslog's imfile module to syslog Bro's logs...

Cheers,

Jesse
On Wed, Feb 27, 2013 at 1:51 PM, Ron Jenkins <rjenkins at rmjconsulting.net> wrote:
Is there a way to have Bro v2.1 send via Syslog along with a log file?


Thanks!

Ron Jenkins (SnortCP, VCP (3/4), MCNE, CNE6, MCP,CCNA)
RMJ Consulting, LLC. "Bringing Companies and Solutions Together"
Makers of Active Response System(ARS) & Log Siphon
Owner / Senior Architect
Physical Address
11715 Bricksome Ave STE B-7
Baton Rouge, LA 70816
Mail Address
7575 Jefferson Hwy #103
Baton Rouge, LA 70806
Toll: 855-448-5214
Direct. 225-448-5214
Fax. 225-448-5324
Cell. 225-931-1632
Email. rjenkins at rmjconsulting.net
Web. http://www.rmjconsulting.net
ARS. http://www.rmjars.com
Log Siphon. http://www.logsiphon.com
Linkedin. http://www.linkedin.com/profile/view?id=28564151&trk=tab_pro


_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



--
Jesse Bowling
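
The rsyslog imfile approach mentioned in the thread, as an added example (not taken from the thread or from the linked post). The Bro log paths (a default /usr/local/bro install prefix), the tags, the local7 facility and the collector address are assumptions.

```conf
# /etc/rsyslog.d/bro.conf -- legacy rsyslog directive syntax
# Assumed: Bro installed under /usr/local/bro, collector at
# logcollector.example.net:514 (placeholder address).

# Bro lines (http.log in particular) can be long. If they arrive
# truncated, raise the limit; this directive must sit at the very top
# of the main rsyslog.conf, before any module is loaded:
#   $MaxMessageSize 64k

# Load the file-input module
$ModLoad imfile

# One stanza per Bro log to ship. Each needs its own state file,
# which records the read position across rsyslog restarts.
$InputFileName /usr/local/bro/logs/current/conn.log
$InputFileTag bro_conn:
$InputFileStateFile stat-bro_conn
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor

$InputFileName /usr/local/bro/logs/current/notice.log
$InputFileTag bro_notice:
$InputFileStateFile stat-bro_notice
$InputFileSeverity notice
$InputFileFacility local7
$InputRunFileMonitor

# How often (in seconds) the monitored files are checked for new lines
$InputFilePollInterval 1

# Forward everything on local7 to the collector.
# "@@" is TCP, a single "@" is UDP. Either way the stream is cleartext
# unless TLS is configured separately.
local7.* @@logcollector.example.net:514

# Stop processing so Bro lines are not also written to local files
# (legacy discard action; newer rsyslog releases use "stop" instead)
& ~
```

Bro's "#"-prefixed header lines (#fields, #types and so on) are forwarded like any other line, so the receiving side has to drop or parse them.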