
Configuring Open Source SNORT


To configure syslog on an Open Source SNORT device:

This procedure applies to a system that runs Red Hat Enterprise. The steps can vary for other operating systems.

  1. Configure SNORT on a remote system.
  2. Open the snort.conf file.
  3. Uncomment the following line:

    output alert_syslog:LOG_AUTH LOG_INFO

  4. Save and exit the file.
  5. Open the following file:

    /etc/init.d/snortd

  6. Add a -s to the following lines, as shown in the example:
  7. Save and exit the file.
  8. Restart SNORT by typing the following command:

    /etc/init.d/snortd restart

  9. Open the syslog.conf file.
  10. Update the file to include the following line (the selector and the destination must be separated by whitespace, conventionally a tab):

    auth.info    @<IP Address>

    where <IP Address> is the address of the system to which you want the logs sent.

  11. Save and exit the file.
  12. Restart syslog:

    /etc/init.d/syslog restart

You can now configure the log source in JSA.
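The steps above can be applied and verified with a small shell script. This is an added example, not part of the original page or of the SNORT project; it operates on constructed sample copies of snort.conf and syslog.conf in a temporary directory, uses the documentation address 192.0.2.10 as a placeholder destination, and leaves out step 6 (the -s edits to /etc/init.d/snortd) because the page does not show which lines are meant.

```shell
#!/bin/sh
# Added example: script the snort.conf and syslog.conf edits from the
# procedure above and check the result. Runs on constructed sample files.

# Step 3: uncomment "output alert_syslog:LOG_AUTH LOG_INFO" in snort.conf.
# Tolerates an optional space after the colon, as in stock snort.conf files.
enable_alert_syslog() {
    conf="$1"
    sed 's/^[[:space:]]*#[[:space:]]*\(output alert_syslog:[[:space:]]*LOG_AUTH[[:space:]]*LOG_INFO\)/\1/' \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Step 10: forward auth.info to the collector, unless the rule already exists.
# syslog.conf needs whitespace between selector and action; a tab is used here.
add_syslog_forward() {
    conf="$1"; dest="$2"
    grep -q "^auth\.info[[:space:]]*@$dest\$" "$conf" && return 0
    printf 'auth.info\t@%s\n' "$dest" >> "$conf"
}

# Check: returns 0 when the alert_syslog output line is active (not commented).
snort_syslog_enabled() {
    grep -q '^[[:space:]]*output alert_syslog:[[:space:]]*LOG_AUTH[[:space:]]*LOG_INFO' "$1"
}

# Check: returns 0 when syslog.conf forwards auth.info to the given address.
syslog_forwards_to() {
    grep -q "^auth\.info[[:space:]]*@$2\$" "$1"
}

# Constructed sample files (not real system files) in a scratch directory.
DEMO_DIR=$(mktemp -d)
SNORT_CONF="$DEMO_DIR/snort.conf"
SYSLOG_CONF="$DEMO_DIR/syslog.conf"
printf '%s\n' '# output alert_syslog: LOG_AUTH LOG_INFO' \
              'output alert_fast: alert' > "$SNORT_CONF"
printf '%s\n' '*.info;mail.none;authpriv.none    /var/log/messages' > "$SYSLOG_CONF"

# Placeholder collector address (192.0.2.0/24 is reserved for documentation).
COLLECTOR="192.0.2.10"

enable_alert_syslog "$SNORT_CONF"
add_syslog_forward "$SYSLOG_CONF" "$COLLECTOR"
add_syslog_forward "$SYSLOG_CONF" "$COLLECTOR"   # re-running must not duplicate the rule
```

After the edits, restart SNORT and syslog as in steps 8 and 12 for the change to take effect.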