Ask the Expert

Can Snort read multi-platform syslogs?

Is there a way to read multi-platform syslogs through Snort?

    Requires Free Membership to View

As you probably know, Snort is primarily a network intrusion detection system, designed to directly monitor a network for activity that matches certain patterns (the Snort ruleset). Unfortunately, it's really not a good tool for monitoring syslog traffic, because it's simply not designed for the task. However, there are a number of tools that can help analyze log data. If you're looking for a tool that helps perform offline analysis on the desktop, Sawmill is one of my favorites. Its major strength lies in its ability to tackle just about any log format you throw at it. If you want a system that provides real-time alerting, based upon syslog data, consider the open source Swatch (syslog watch) project. It's the "Snort of syslogs."

For More Information

  • Learn how to install, and configure Snort in this technical guide.
  • Visit our resource center for news, tips and expert advice on how to install and use open source security tools in your organization.
  • This was first published in June 2006

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: