
	Home > Ask the Security Experts > Network Security Questions & Answers > Can Snort read multi-platform syslogs?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Can Snort read multi-platform syslogs?

EXPERT RESPONSE FROM: Mike Chapple

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 09 May 2006
Is there a way to read multi-platform syslogs through Snort?

EXPERT RESPONSE
As you probably know, Snort is primarily a network intrusion detection system, designed to directly monitor a network for activity that matches certain patterns (the Snort ruleset). Unfortunately, it's really not a good tool for monitoring syslog traffic, because it's simply not designed for the task. However, there are a number of tools that can help analyze log data. If you're looking for a tool that helps perform offline analysis on the desktop, Sawmill is one of my favorites. Its major strength lies in its ability to tackle just about any log format you throw at it. If you want a system that provides real-time alerting, based upon syslog data, consider the open source Swatch (syslog watch) project. It's the "Snort of syslogs."

For More Information

Learn how to install, and configure Snort in this technical guide.

Visit our resource center for news, tips and expert advice on how to install and use open source security tools in your organization.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Network Security
	Is it possible to allow select access to IP addresses using Windows Server 2003?
	Is an IPsec VPN necessary when connecting remote servers that process financial transactions?
	What are best practices for creating an IDS and maintaining a signature database?
	What are the best ways to hide system information from network scanning software?
	What are the security risks of opening all the ports on an internal router?
	Will Cisco's plan to open access to the IOS improve network security?
	Will VoIP attacks result in more than just spam?
	Should enterprises implement a mandatory iPhone VPN?
	Will organizations that lag behind on IPv6 adoption have greater security risks?
	Should iPhone email be sent without SSL encryption?

Network Intrusion Detection (IDS)

What are best practices for creating an IDS and maintaining a signature database?

Network intrusion prevention systems: Should enterprises deploy now?

RSA 2008: Sourcefire founder Roesch previews Snort 3

What is the best possible IDS deployment for an Enterprise Resource Planning (ERP) system?

Screencast: Opening up the Network Security Toolkit

Can a firewall alone effectively block port-scanning activity?

Should an intrusion detection system (IDS) be written using Java?

What security risks do enterprise honeypots pose?

What are the benefits of 'in-the-cloud' network security services?

Screencast: Snort -- Tactics for basic network analysis

Network Intrusion Detection (IDS) Research

Monitoring Network Traffic and Network Forensics

Screencast: Catching network traffic with Wireshark

Windows registry forensics guide: Investigating hacker activities

More built-in Windows commands for system analysis

Is security improved when the number of Internet gateways is reduced?

Screencast: Using Nessus to scan for vulnerabilities

What are the pros and cons of shaping P2P packets?

Built-in Windows commands to determine if a system has been hacked

How will the centralized logging of network flow data benefit an enterprise?

The forensics mindset: Making life easier for investigators

Data Loss Prevention Tools Offer Insight into Where Data Lives

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

computer forensics (SearchSecurity.com)

Diffie-Hellman key exchange (SearchSecurity.com)

Einstein (SearchSecurity.com)

HIDS/NIDS (SearchSecurity.com)

intrusion detection (SearchSecurity.com)

network behavior analysis (SearchSecurity.com)

ultrasound (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy