Subject: Re: [snort] spo_alert_syslog fixes
From: Martin Roesch (roesch@hiverworld.com)
Date: Mon Mar 06 2000 - 17:21:49 CST
- Next message: Martin Roesch: "Re: [snort] Updated snort_stat.pl"
- Previous message: Martin Roesch: "Re: [snort] snortdb & snortnet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Erich Meier wrote:
>
> This might be an elegant solution. Only problem left: how to configure more
> than one option (e.g., LOG_PID | LOG_NDELAY). Yes, that might be done with
> some more parser fiddling.
Yup, make the parser recognize the "|".
> OTOH, no program that I am aware of lets you configure the syslog options. So
> we could easily choose a reasonable fixed set for those (e.g., LOG_CONS |
> LOG_PID | LOG_NDELAY). Then, the syntax would be very simple:
>
> output alert_syslog: <FACILITY> <PRIORITY>
>
> Comments?
Well, realistically it's pretty damn simple to find the place where this
gets set in the code and modify the hard coded values manually, but
letting the user modify the options in the rules file shouldn't be any
big thing IMHO. It's really just a matter for the option parser; the
storage and real-time analysis of the data shouldn't be any problem.
--
Martin Roesch <roesch@hiverworld.com>
Director of Forensic Systems
Hiverworld, Inc. http://www.hiverworld.com
Enterprise Network Security
Network Forensics, Intrusion Detection and Risk Assessment
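The rules-file syntax discussed in this thread, with the "|"-separated option list, as an added example in C that is not Snort's own spo_alert_syslog code: it parses one `output alert_syslog:` line into the facility, priority and option constants from `<syslog.h>`, falls back to the fixed LOG_CONS | LOG_PID | LOG_NDELAY set Erich proposes when no option list is present, and rejects an unknown name instead of silently dropping it (so a typo in the rules file fails loudly rather than quietly changing where alerts go). The function and struct names are assumptions made for this example, and the sample line is constructed.

```c
/* Added example, not code from Snort's spo_alert_syslog: parse a rules-file
 * line of the form
 *     output alert_syslog: <FACILITY> <PRIORITY> [<OPTION>|<OPTION>|...]
 * into the constants openlog()/syslog() expect.  Function and struct names
 * are assumptions made for this example. */
#include <stdio.h>
#include <string.h>
#include <syslog.h>

struct sym { const char *name; int value; };

/* Symbolic names accepted in the rules file, mapped to <syslog.h> values. */
static const struct sym facilities[] = {
    {"LOG_AUTH", LOG_AUTH},     {"LOG_DAEMON", LOG_DAEMON}, {"LOG_USER", LOG_USER},
    {"LOG_LOCAL0", LOG_LOCAL0}, {"LOG_LOCAL1", LOG_LOCAL1}, {"LOG_LOCAL2", LOG_LOCAL2},
    {"LOG_LOCAL3", LOG_LOCAL3}, {"LOG_LOCAL4", LOG_LOCAL4}, {"LOG_LOCAL5", LOG_LOCAL5},
    {"LOG_LOCAL6", LOG_LOCAL6}, {"LOG_LOCAL7", LOG_LOCAL7}, {NULL, 0}
};
static const struct sym priorities[] = {
    {"LOG_EMERG", LOG_EMERG}, {"LOG_ALERT", LOG_ALERT},     {"LOG_CRIT", LOG_CRIT},
    {"LOG_ERR", LOG_ERR},     {"LOG_WARNING", LOG_WARNING}, {"LOG_NOTICE", LOG_NOTICE},
    {"LOG_INFO", LOG_INFO},   {"LOG_DEBUG", LOG_DEBUG},     {NULL, 0}
};
static const struct sym options[] = {
    {"LOG_CONS", LOG_CONS},     {"LOG_NDELAY", LOG_NDELAY}, {"LOG_NOWAIT", LOG_NOWAIT},
    {"LOG_ODELAY", LOG_ODELAY}, {"LOG_PID", LOG_PID},       {NULL, 0}
};

struct syslog_cfg { int facility; int priority; int options; };

static int lookup(const struct sym *tab, const char *name, int *out)
{
    for (; tab->name != NULL; tab++)
        if (strcmp(tab->name, name) == 0) { *out = tab->value; return 1; }
    return 0;
}

static int is_ws(char c) { return c == ' ' || c == '\t' || c == '\r' || c == '\n'; }

/* OR together a '|'-separated option list such as "LOG_PID | LOG_NDELAY".
 * Whitespace around each name is ignored; an unknown name is an error rather
 * than being silently dropped.  Returns 0 on success, -1 on error. */
static int parse_options(const char *spec, int *out)
{
    char buf[256];
    int acc = 0;
    if (strlen(spec) >= sizeof buf)
        return -1;
    strcpy(buf, spec);
    for (char *tok = strtok(buf, "|"); tok != NULL; tok = strtok(NULL, "|")) {
        while (is_ws(*tok)) tok++;
        char *end = tok + strlen(tok);
        while (end > tok && is_ws(end[-1])) *--end = '\0';
        int v = 0;
        if (*tok == '\0' || !lookup(options, tok, &v))
            return -1;
        acc |= v;
    }
    *out = acc;
    return 0;
}

/* Parse one "output alert_syslog:" line.  When no option list is given, the
 * fixed set proposed in the thread (LOG_CONS | LOG_PID | LOG_NDELAY) is used.
 * Returns 0 on success, -1 if the line is malformed or names an unknown value. */
int parse_alert_syslog_line(const char *line, struct syslog_cfg *cfg)
{
    static const char prefix[] = "output alert_syslog:";
    char fac[64], pri[64];
    int n = 0;

    if (strncmp(line, prefix, sizeof prefix - 1) != 0)
        return -1;
    const char *p = line + sizeof prefix - 1;
    if (sscanf(p, " %63s %63s%n", fac, pri, &n) != 2)
        return -1;
    if (!lookup(facilities, fac, &cfg->facility) ||
        !lookup(priorities, pri, &cfg->priority))
        return -1;
    cfg->options = LOG_CONS | LOG_PID | LOG_NDELAY;   /* default when no list follows */
    p += n;
    while (is_ws(*p)) p++;
    if (*p == '\0')
        return 0;
    return parse_options(p, &cfg->options);
}

int main(void)
{
    /* Constructed rules-file line for the demonstration. */
    const char *line = "output alert_syslog: LOG_AUTH LOG_ALERT LOG_PID | LOG_NDELAY\n";
    struct syslog_cfg cfg;
    if (parse_alert_syslog_line(line, &cfg) != 0) {
        fprintf(stderr, "bad alert_syslog line: %s", line);
        return 1;
    }
    printf("facility=%d priority=%d options=0x%x\n", cfg.facility, cfg.priority, cfg.options);
    /* This is how the parsed values would feed the real output plugin. */
    openlog("snort", cfg.options, cfg.facility);
    syslog(cfg.priority, "example alert from the parsed configuration");
    closelog();
    return 0;
}
```

Splitting on "|" after the first two whitespace-delimited tokens means both `LOG_PID|LOG_NDELAY` and `LOG_PID | LOG_NDELAY` are accepted, which is the small amount of parser fiddling the thread anticipates; the tables are plain name-to-constant maps, so adding a facility or option is one line.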