In the ubuntu or any other Linux, can we monitor the syslog with snort ?
SNORT is an excellent Network Intrusion Detection System (NIDS) that works by packet analysis rules; it is not a log monitoring system. There are some excellent log monitors, but that is not the function of an NIDS. I suspect you will want to obtain, learn, and configure a log monitor to summarize and report on your log files, possibly to include your snort logs.
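To make the distinction concrete, here is an added example (not code from the thread or from the Snort project) of the kind of log monitor the reply describes: a small script that parses Snort's `alert_fast` output lines and summarizes them by signature, source address and priority. The regex for the fast-format layout, the rule IDs in the local range and the sample alert lines are all constructed for this example; adjust the pattern if your output plugin or timestamp option changes the format.

```python
"""Minimal log monitor for Snort 'alert_fast' output: parse, count, report."""
import re
import sys
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Pattern for one Snort alert_fast line. This is an assumption about the layout
# (timestamp, [**] [gid:sid:rev] msg [**], optional classification, priority,
# {proto} src[:port] -> dst[:port]); adjust it if your output differs.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample log: local-range SIDs (1000001+) and documentation
# addresses (192.0.2.x, 198.51.100.x); the last line is deliberately malformed.
SAMPLE_ALERT_LOG = """\
01/15-10:02:11.123456  [**] [1:1000001:1] LOCAL web probe to admin path [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:51234 -> 192.0.2.10:80
01/15-10:02:12.654321  [**] [1:1000001:1] LOCAL web probe to admin path [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:51235 -> 192.0.2.10:80
01/15-10:05:40.000001  [**] [1:1000002:1] LOCAL ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10
01/15-10:07:03.777777  [**] [1:1000003:2] LOCAL suspicious response from server [**] [Priority: 1] {TCP} 192.0.2.10:80 -> 198.51.100.7:51240
this line is not a snort alert and must be counted as malformed
"""


@dataclass(frozen=True)
class Alert:
    ts: str
    sid: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    dst: str


def parse_alert(line: str) -> Optional[Alert]:
    """Return an Alert for a well-formed fast-format line, else None."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(ts=m["ts"], sid=int(m["sid"]), msg=m["msg"],
                 classification=m["cls"] or "unclassified",
                 priority=int(m["prio"]), proto=m["proto"],
                 src=m["src"], dst=m["dst"])


def summarize(lines: Iterable[str]) -> dict:
    """Aggregate alerts the way a log monitor would before reporting."""
    alerts, malformed = [], 0
    for line in lines:
        if not line.strip():
            continue
        alert = parse_alert(line)
        if alert is None:
            malformed += 1  # never drop silently: unparsed lines are a finding too
        else:
            alerts.append(alert)
    return {
        "total": len(alerts),
        "malformed": malformed,
        "by_signature": Counter((a.sid, a.msg) for a in alerts),
        "by_source": Counter(a.src for a in alerts),
        "by_priority": Counter(a.priority for a in alerts),
        # In Snort's classification scheme priority 1 is the most severe.
        "high_priority": [a for a in alerts if a.priority == 1],
    }


def render_report(summary: dict) -> str:
    """Plain-text digest suitable for a daily mail or a console."""
    out = [f"alerts parsed: {summary['total']}  malformed lines: {summary['malformed']}"]
    out.append("top signatures:")
    for (sid, msg), n in summary["by_signature"].most_common(5):
        out.append(f"  {n:4d}  sid {sid}  {msg}")
    out.append("top sources:")
    for src, n in summary["by_source"].most_common(5):
        out.append(f"  {n:4d}  {src}")
    for a in summary["high_priority"]:
        out.append(f"HIGH PRIORITY {a.ts} sid {a.sid} {a.src} -> {a.dst}: {a.msg}")
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: python snort_log_monitor.py [/var/log/snort/alert]; defaults to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(render_report(summarize(fh)))
    else:
        print(render_report(summarize(SAMPLE_ALERT_LOG.splitlines())))
```

The point of the example is the division of labour the reply describes: Snort produces the alert lines by inspecting packets against rules, and a separate process reads those lines (or any other log) and turns them into counts and a report. Counting malformed lines rather than skipping them matters in practice, because a format change or a truncated write would otherwise go unnoticed.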
Thanks, I got your point. I was thinking Snort could do log monitoring as well; I'm not sure this is possible after reading your reply.
But Snort cannot be installed on all the machines which I need to monitor, right? Or not in all situations can I SPAN a port to the Snort machines, right?
For example, if I wanted to monitor a Windows IIS web server with Snort, how is this possible?
Snort is a Network Intrusion Detection System. That SHOULD imply that as long as it will run on your network it provides some detection for the entire network. Obviously there are ways to better deploy it, but there is nothing about Windows (Since WinNT 3.5 anyway) that makes it NOT be a part of your network.
If you mean you want to INSTALL it on Windows, that can work as well. Check this page: https://www.snort.org/#get-started and you will find packages of SNORT for Fedora, CentOS (and RHEL), FreeBSD, Windows, and as source. The source-based install can be compiled on any platform where you can compile the prerequisites and that source.