Thank you for the response!

I just completed setting up syslog-ng and now have the log files sending via syslog to Log Siphon.

I agree that it would be great to have it built into the framework directly.

Have a good day!


From: Jesse Bowling [mailto:jessebowling@gmail.com]
Sent: Wednesday, February 27, 2013 1:54 PM
To: Ron Jenkins
Cc: bro@bro-ids.org
Subject: Re: [Bro] Bro IDS logging via Syslog

There is almost certainly a better way to do it within the Bro framework itself, but another option might be to use built in (?) rsyslog:

http://ossectools.blogspot.com/2011/09/bro-quickstart-cluster-edition.html

About halfway down there are instructions for using rsyslog's imfile module to syslog Bro's logs...

Cheers,

Jesse

On Wed, Feb 27, 2013 at 1:51 PM, Ron Jenkins <rjenkins@rmjconsulting.net> wrote:

Is there a way to have Bro v2.1 send via Syslog along with a log file?

Thanks!


Ron Jenkins (SnortCP, VCP (3/4), MCNE, CNE6, MCP,CCNA)

--
Jesse Bowling