Subject: Re: [Snort-users] Win32 Port and Syslog
From: Michael Davis (mikedatanerds.net)
Date: Sat Nov 25 2000 - 00:08:55 CST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

> Take into consideration that there are also syslog-servers that
> allow you to specify the listening port yourself. So the server
> port should probably configurable.

Well according to my FreeBSD syslogd:
     ipaddr/masklen[:service]
             Accept datagrams from ipaddr (in the usual dotted quad
             notation) with masklen bits being taken into account
             when doing the address comparison. If specified,
             service is the name or number of an UDP service (see
             services(5)) the source packet must belong to. A
             service of `*' allows packets being sent from any UDP
             port. The default service is `syslog'. A missing
             masklen will be substituted by the historic class A or
             class B netmasks if ipaddr belongs into the address
             range of class A or B, respectively, or by 24
             otherwise.

This is why I asked if the PORT should be the PORT the UDP packet is
sent from.

I agree with you, Gregor, although I am not sure how most people
implement their syslog servers.

If no one else speaks up then I will make the PORT the port on the
remote syslog server.

Michael Davis
Chief Technical Officer
Data Nerds, LLC.
http://www.datanerds.net

> Greetings,
> Gregor.
>
> --
> Gregor Binder <gbindersysfive.com>
> http://www.sysfive.com/~gbinder/ sysfive.com GmbH UNIX.
> Networking. Security. Applications. Gaertnerstrasse 125b, 20253
> Hamburg, Germany TEL +49-40-63647482

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOh9XdfiUqZ9dnoKsEQIqLQCg9flI4FtCF5Y9E8vrrYzH5gA+sx8AoLYF
8Rgv4Crr1kAAOglG2mOwviV5
=ESDK
-----END PGP SIGNATURE-----

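
The allowed-peer rule quoted from the FreeBSD syslogd man page above, written out as an added example (not part of the original message and not syslogd's own code), to show that the service field filters on the sender's source port and is separate from the port the server listens on. The names SERVICES, default_masklen, parse_peer and peer_allowed are hypothetical, the services table is a constructed stand-in for services(5), and only IPv4 is handled.

```python
import ipaddress

# Constructed stand-in for services(5); a real daemon would use getservbyname().
SERVICES = {"syslog": 514}


def default_masklen(addr):
    """Historic classful default used when the spec carries no masklen."""
    first_octet = addr.packed[0]
    if first_octet < 128:   # class A range
        return 8
    if first_octet < 192:   # class B range
        return 16
    return 24               # "or by 24 otherwise"


def parse_peer(spec):
    """Parse 'ipaddr[/masklen][:service]' into (network, source_port or None)."""
    host, _, service = spec.partition(":")
    ip_text, _, mask_text = host.partition("/")
    addr = ipaddress.IPv4Address(ip_text)
    masklen = int(mask_text) if mask_text else default_masklen(addr)
    network = ipaddress.IPv4Network((addr, masklen), strict=False)
    service = service or "syslog"      # the default service is `syslog'
    if service == "*":
        port = None                    # any UDP source port is accepted
    elif service.isdigit():
        port = int(service)
    else:
        port = SERVICES[service]
    return network, port


def peer_allowed(spec, src_ip, src_port):
    """True if a datagram from src_ip:src_port passes the allowed-peer spec."""
    network, port = parse_peer(spec)
    if ipaddress.IPv4Address(src_ip) not in network:
        return False
    return port is None or port == src_port


if __name__ == "__main__":
    # Constructed datagram sources: one sent from port 514, one from an
    # ephemeral port, as a sender that does not bind its source port would use.
    for spec in ("192.168.1.0/24", "192.168.1.0/24:*"):
        for src in (("192.168.1.10", 514), ("192.168.1.10", 1037)):
            print(spec, src, peer_allowed(spec, *src))
```

With the default service, a sender that lets the OS pick an ephemeral source port is dropped even when its address matches, which is a useful thing to check first when remote alerts never show up in the log.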