Ok, thanks, that's helpful actually. We are using Kiwi for syslog. Jeff
-----Original Message----- From: Lorenzo Mart�nez Rodr�guez [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 05, 2003 9:19 AM To: Jones, Jeff Cc: [EMAIL PROTECTED] Subject: Re: [ISSForum] Re: Log Network Sensor/Server sensor events to Syslog Server The syslog server will get only those attacks you had selected in the policy response to do it. I mean you have to select every attack you want to be logged by the syslog machine. Jones, Jeff wrote: > And the syslog server gets all the attacks as well? > > Jeff > > -----Original Message----- > From: Lorenzo Mart�nez Rodr�guez [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 05, 2003 4:02 AM > To: [EMAIL PROTECTED] > Subject: [ISSForum] Re: Log Network Sensor/Server sensor events to > Syslog Server > > > Hi Johnny, > I had to implement a solution to do that. What I did was call a User > Specified response (passing it some parameters as: IP origin, IP > target, Name Event, etc) which calls an executable script which sends > that information to the UDP 514 port of the syslog collecting machine. > That's all! > > > -- > Lorenzo Mart�nez Rodr�guez > Consultor de seguridad inform�tica > > ISC Consultores > Santa Hortensia 2 > 28002 Madrid > > Tel +34 91 510 43 00 > Fax +34 91 519 81 08 > > e-mail [EMAIL PROTECTED] > > > _______________________________________________ > ISSForum mailing list > [EMAIL PROTECTED] > > TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to > https://atla-mm1.iss.net/mailman/listinfo > > ---------------------------------------------------------------------- > --------------- > This e-mail is the exclusive, private and confidential property of the sender. The > information contained in it is intended solely for the use of the sender and the > intended recipient. If you are not the intended recipient you are hereby advised that > any unauthorized disclosure, copying, distribution or the taking of any action in > reliance on the contents of this message is strictly prohibited. If you have received > this e-mail in error, please notify us immediately by telephone (call the USF > Corporation Technical Support Center at 1-800-753-4563) and then destroy this > document and any copies in any form immediately. Finally, the recipient should > check this email and any attachments for the presence of viruses. USF Corporation > accepts no liability for any damage caused by any virus transmitted by this email. > ------------------------------------------------------------------------------------- > > -- Lorenzo Mart�nez Rodr�guez Consultor de seguridad inform�tica ISC Consultores Santa Hortensia 2 28002 Madrid Tel +34 91 510 43 00 Fax +34 91 519 81 08 e-mail [EMAIL PROTECTED] ------------------------------------------------------------------------------------- This e-mail is the exclusive, private and confidential property of the sender. The information contained in it is intended solely for the use of the sender and the intended recipient. If you are not the intended recipient you are hereby advised that any unauthorized disclosure, copying, distribution or the taking of any action in reliance on the contents of this message is strictly prohibited. If you have received this e-mail in error, please notify us immediately by telephone (call the USF Corporation Technical Support Center at 1-800-753-4563) and then destroy this document and any copies in any form immediately. Finally, the recipient should check this email and any attachments for the presence of viruses. USF Corporation accepts no liability for any damage caused by any virus transmitted by this email. ------------------------------------------------------------------------------------- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
