Hi All,

I know that snort can monitor the interface or span port, But any idea snort can monitor the syslog server logs ?

Like for example if install the snort on the syslog server ? is possible?

SNORT is an excellent Network Intrusion Detection System (NIDS) that works by packet analysis rules, it is not a log monitor system. There are some excellent log monitors, but that is not the function of an NIDS. I suspect you will want to oobtain, learn, and configure a log monitor to summarize and report on your log files, possibly to include your snort logs.

Thanks i got your point, I was thinking if snort can do the log monitor as well, Not sure if this possible when i checked your reply.

But snort cannot be installed all the machines which i need to monitor right or not all the situations i can span port to snort machines right ?

For example if i wanted to monitor the windows iis web server with snort? How this is possible ?

Snort is a Network Intrusion Detection System. That SHOULD imply that as long as it will run on your network it provides some detection for the entire network. Obviously there are ways to better deploy it, but there is nothing about Windows (Since WinNT 3.5 anyway) that makes it NOT be a part of your network.

If you mean you want to INSTALL it on Windows, that can work as well. Check this page: https://www.snort.org/#get-started and you will find packages of SNORT for Fedora, CentOS (and RHEL), FreeBSD, Windows, and as source. The source based install can be compiled onto any platform where you can compile the prerequisites and that source.

In addition, a 10 second search using DuckDuckGo (Google or BINK might have worked as well) brings one to this link https://blog.rapid7.com/2017/01/11/h...-ubuntu-linux/ which would seem to apply.