I don't think that's possible using Site Protector/ISS tools. My solution
would be a Python script that every 30 seconds (or something like that) does
a "select * from events where date is last 30 seconds" to the MSSQL database
of Site Protector and then, using the syslog library, sends the events to the
syslogd. You would have to analyze the SQL sentence really well because a bad
sentence could retrieve 1M events and flood the syslog server.

On 11/18/05, Mick Ryan <[EMAIL PROTECTED]> wrote:
>
> Does anyone know how to send events to a syslog server from Site
> Protector? I've got a number of Proventia G series sensors and Server
> Sensors deployed that all feed back to my Event collector, how can I get all
> that data sent to a syslog server so it can be used by Lancope StealthWatch
> and Checkpoint Eventia Analyzer?
>
> Basically I don't want to use the Fusion module anymore and want all my
> IDS events sent to another event correlation engine.
>
> Thanks in advance for all help.
>
> Mick Ryan
> Networks & Information Security
> Corrections Corporation of America
> (W): 615-263-3217
> (F): 615-263-3239
> [EMAIL PROTECTED]
>
> _______________________________________________
> ISSForum mailing list
> [email protected]
>
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
> https://atla-mm1.iss.net/mailman/listinfo/issforum
>
> To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
>
> The ISSForum mailing list is hosted and managed by Internet Security
> Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
>



--
Andres Riancho
http://www.securearg.net/ Secure from the source
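
The polling approach described in the reply above, as an added example that is not part of the original message or of any ISS tooling. It swaps the 30-second time window for a row-id high-water mark plus a hard row cap, so a slow or skipped poll neither drops events nor floods syslog. The `events` table, its columns and the syslog address are hypothetical, and `sqlite3` stands in for the MSSQL connection so the code runs offline.

```python
import logging
import logging.handlers
import sqlite3  # stand-in for the MSSQL connection so the example runs offline

MAX_ROWS = 500  # hard cap per poll: a bad window cannot dump 1M events into syslog

def clean(value):
    """Replace control characters so event text cannot inject extra syslog lines."""
    return "".join(c if c.isprintable() else " " for c in str(value))

def poll_once(conn, last_id, emit, max_rows=MAX_ROWS):
    """Forward events with id > last_id. Returns (new_last_id, sent, backlog)."""
    # Hypothetical schema. On MSSQL the cap would be SELECT TOP (n), not LIMIT.
    rows = conn.execute(
        "SELECT id, event_time, sensor, name, severity FROM events "
        "WHERE id > ? ORDER BY id LIMIT ?", (last_id, max_rows + 1)).fetchall()
    backlog = len(rows) > max_rows  # one extra row fetched only to detect overflow
    sent = 0
    for event_id, when, sensor, name, severity in rows[:max_rows]:
        emit(f"siteprotector id={event_id} time={clean(when)} "
             f"sensor={clean(sensor)} severity={clean(severity)} event={clean(name)}")
        last_id, sent = event_id, sent + 1
    return last_id, sent, backlog

def demo_db():
    """Constructed sample events, not real SiteProtector data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, event_time TEXT, "
                 "sensor TEXT, name TEXT, severity TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?, ?)", [
        (1, "2005-11-18 10:00:01", "g-sensor-1", "HTTP_Probe", "low"),
        (2, "2005-11-18 10:00:02", "g-sensor-1", "SQL_Injection", "high"),
        (3, "2005-11-18 10:00:02", "srv-sensor-4", "Bad\nName", "medium"),
        (4, "2005-11-18 10:00:09", "srv-sensor-4", "Port_Scan", "low"),
        (5, "2005-11-18 10:00:15", "g-sensor-2", "Port_Scan", "low"),
    ])
    return conn

if __name__ == "__main__":
    log = logging.getLogger("sp-forwarder")
    log.setLevel(logging.INFO)
    # UDP to a local syslogd; the address is an assumption.
    log.addHandler(logging.handlers.SysLogHandler(address=("127.0.0.1", 514)))
    conn, last_id = demo_db(), 0
    backlog = True
    while backlog:  # a real forwarder would sleep 30 s between polls instead
        last_id, sent, backlog = poll_once(conn, last_id, log.info, max_rows=2)
        print(f"sent={sent} last_id={last_id} backlog={backlog}")
```

A forwarder built this way should persist `last_id` between runs so a restart resumes where it stopped instead of replaying the whole table.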