Is there a way to read multi-platform syslogs through Snort?
As you probably know,
is primarily a network
intrusion detection system
, designed to directly monitor a network for activity that matches certain patterns (the Snort ruleset). Unfortunately, it's really not a good tool for monitoring syslog traffic, because it's simply not designed for the task. However, there are a number of tools that can help analyze log data. If you're looking for a tool that helps perform offline analysis on the desktop, Sawmill is one of my favorites. Its major strength lies in its ability to tackle just about any log format you throw at it. If you want a system that provides real-time alerting, based upon syslog data, consider the open source Swatch (syslog watch) project. It's the "Snort of syslogs."
For More Information
Learn how to install, and configure Snort in this technical guide.
Visit our resource center for news, tips and expert advice on how to install and use open source security tools in your organization.
Dig Deeper on Network intrusion detection and prevention (IDS-IPS)
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ...continue reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ...continue reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.