Quoting Shawn <[EMAIL PROTECTED]>:

> So, I'm looking for ideas on how to get the snort log files on the IPCop box
> moved to my server automatically (and periodically through cron), so I can
> run SnortSnarf against them. The server doesn't have FTP configured, nor
> does the IPCop firewall. Both have SSH configured, but I haven't been too
> successful at doing an ssh session to the firewall from the server (just
> tried, with port 22 and 222).

You can get syslog to log certain log files to a remote machine. See man syslog.conf for more information.

I also found this article on Real-Time Alerting with Snort in case you're interested:

http://www.linuxsecurity.com/feature_stories/feature_story-144.html

Jesse
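
An illustration of the syslog forwarding suggested in the reply above, added here as an example and not part of the original message. It assumes Snort's syslog alert output and classic syslogd `syslog.conf` syntax on both machines; the address 192.0.2.10 and the log file path are placeholders.

```conf
# --- On the IPCop box: snort.conf ---
# Send Snort alerts to the local syslog daemon (facility auth, priority alert).
output alert_syslog: LOG_AUTH LOG_ALERT

# --- On the IPCop box: /etc/syslog.conf ---
# Forward those messages to the log server over UDP port 514.
# 192.0.2.10 is a placeholder for the server's address.
auth.alert	@192.0.2.10

# --- On the server: /etc/syslog.conf ---
# Write messages arriving at auth.alert to their own file.
# /var/log/snort-remote.log is a hypothetical path; local auth.alert
# messages from the server itself will land in the same file.
auth.alert	/var/log/snort-remote.log
```

The receiving syslogd has to be started with remote reception enabled (`-r` for sysklogd), and both daemons need a restart or SIGHUP after the change. The forwarded messages cross the network as unauthenticated cleartext UDP, so this belongs on a trusted segment with the server's port 514 filtered to the firewall's address.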
