Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
482
Views
0
Helpful
3
Replies

sending IDS alerts to remote syslog server?

mpfeilst
Level 1
Level 1

‎04-01-2004 07:49 AM - edited ‎03-09-2019 06:56 AM

Hello

is there any supported way to send IDS alerts (4210 running 3 and 4.1) to a remote syslog server? Either through VMS or at the sensor itself ?

thanks

Martin Pfeilsticker

Labels:
0 Helpful
3 Replies 3

umedryk
Level 5
Level 5

‎04-07-2004 07:04 AM

As far as my knowledge goes, you cannot send IDS alerts to a remote syslog server.

0 Helpful

5mlattimore
Level 1
Level 1
In response to umedryk

‎04-22-2004 01:44 PM

We have had success sending alerts to an remote server by adding its ip address to the sensors Remote Host config on the MC

Then we imported the sensors from the console of the remote syslog server and the alarms poured in

We got much better success recording alarms than with the security monitor

Hope this is helpful

0 Helpful

p.hachmeister
Level 1
Level 1
In response to 5mlattimore

‎06-04-2004 05:20 AM

Exactly how did you get the sensor to generate syslog messages?

I added the syslog server to the truster hosts, but I don't see any port 514 traffic leaving the sensor (I used tcpdump.)

Are the syslog messages coming directly from the sensor or the VMS server?

Thanks

0 Helpful
Customers Also Viewed These Support Documents