Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1443
Views
1
Helpful
1
Replies

Syslog on Snort 3 intrusion policy

raymondluis13
Level 1
Level 1

‎04-06-2023 03:11 AM

Hello,

So, in Snort 2 theres an  advanced setting menu and i can enable syslog from there. So in Snort 2, i can only send intrusion event to the SIEM from the intrusion policy.

But, when i try to configure the same thing in snort 3, theres no advanced setting menu, so i cannot set the Intrusion policy to send intrusion events to SIEM.

Is there a way to configure this on the Snort 3? if not, then is there a way to only send intrusion events to the SIEM?

Thank you

RL
1 person had this problem
1 Reply 1

Harinadababu Ruthala
Cisco Employee
Cisco Employee

‎04-14-2023 11:14 AM 

Please check the logging tab on the AC policy.  Syslog for IPS events should be there.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card