Gents,
New to the forum and just wanted to tip my hat to the outstanding work that is being accomplished here post Itus. I was pretty bummed out to see the company go under and really believe in the concept. I just recently updated (via Hans' instructions) both of my Shields to v1.51 SP1. Due to work constraints I actually had to set these to the side for a while, but now I have some time to work on tweaking it a little.
My question is: has anyone fooled around with any type of log shipping of your snort logs to a local log server? I have a Synology NAS with a log server and would love to ship the snort logs over prior to them being deleted. I have set the log size to 64k, but any guidance on how to set this up via a cron job or scheduled task would be great. I am reaching out to the forum since my main concentration is Windows, and although I have a basic understanding there is no way for me to get the syntax correct on my own. Note this will be a password-protected place where the logs will dump, so I will need the syntax for the authentication (less actual UN/PWD :-)) as well if possible. Thanks to all in advance for any assistance!
UPDATE:
I found this blog that outlines how to do this:
http://blog.disects.com/2011/05/snort-logging-alerts-to-syslog-server.html
This is how my logs are currently configured on the Shield:
************
output alert_fast: alert.fast 64k
# output log_tcpdump: tcpdump.log
************
Can I add the text below (IPs are fake, obviously) to ship the logs over to a syslog server concurrently?
output alert_syslog: host=172.16.232.161:514, LOG_AUTH LOG_ALERT
Thoughts?
-yngpfy
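For the cron-job route the post also asks about, here is an added example (not from the post, the blog linked above, or Snort itself) that reads alert_fast lines, parses them, and forwards each one as a syslog datagram using the same LOG_AUTH facility and LOG_ALERT severity as the proposed alert_syslog line. The collector address, the sample alert lines and the local sid 1000001 are constructed placeholders.

```python
import re
import socket

SYSLOG_HOST = "192.0.2.10"   # constructed placeholder; point this at the NAS log server
SYSLOG_PORT = 514
LOG_AUTH, LOG_ALERT = 4, 1   # facility / severity from the proposed alert_syslog line

# One alert_fast line: ts [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s*(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s*)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s*)?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_alert(line):
    """Return the fields of one alert_fast line as a dict, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def to_syslog(alert, hostname="shield"):
    """Build an RFC 3164 message '<PRI>host tag: body' with PRI = facility*8 + severity."""
    pri = LOG_AUTH * 8 + LOG_ALERT          # 4*8 + 1 = 33
    parts = ["[%s:%s:%s]" % (alert["gid"], alert["sid"], alert["rev"]), alert["msg"]]
    if alert["cls"]:
        parts.append("[Classification: %s]" % alert["cls"])
    if alert["prio"]:
        parts.append("[Priority: %s]" % alert["prio"])
    parts.append("{%s} %s -> %s" % (alert["proto"], alert["src"], alert["dst"]))
    return "<%d>%s snort: %s" % (pri, hostname, " ".join(parts))

def ship(lines, host=SYSLOG_HOST, port=SYSLOG_PORT):
    """Send each parseable line as one UDP syslog datagram; return how many were sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sent = 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:       # blank lines or another output format: skip, don't crash
            continue
        sock.sendto(to_syslog(alert).encode("utf-8"), (host, port))
        sent += 1
    sock.close()
    return sent

# Constructed sample lines in alert_fast format (not captured from a real sensor).
SAMPLE_ALERTS = [
    "05/03-12:34:56.789012  [**] [1:1000001:1] LOCAL test alert [**] "
    "[Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.10:50123 -> 192.168.1.20:22",
    "not an alert line",
]
```

In practice a cron entry on the Shield would call ship(open(path_to_alert_fast)) before the 64k rollover discards the file. Plain UDP syslog on 514 is unauthenticated and unencrypted, so the username/password the post mentions does not apply to this transport; restrict which hosts the NAS log server accepts from instead.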