cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
869
Views
1
Helpful
1
Replies

Syslog on Snort 3 intrusion policy

raymondluis13
Level 1
Level 1

Hello,

So, in Snort 2 theres an  advanced setting menu and i can enable syslog from there. So in Snort 2, i can only send intrusion event to the SIEM from the intrusion policy.

But, when i try to configure the same thing in snort 3, theres no advanced setting menu, so i cannot set the Intrusion policy to send intrusion events to SIEM.

Is there a way to configure this on the Snort 3? if not, then is there a way to only send intrusion events to the SIEM?

Thank you

RL
1 Reply 1

Harinadababu Ruthala
Cisco Employee
Cisco Employee
Please check the logging tab on the AC policy.  Syslog for IPS events should be there.

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card