I believe he was implying that you could configure Snort to send its
logs via syslog to Zenoss. The syslog messages would then show up in
the event log and could be mapped to the proper severity and converted
into alerts. Unknown events can be mapped to new or existing events
and you would eventually build up a viable Snort monitoring solution
via syslog. This sounds quite useful and would make a great ZenPack
once it's started, and other users could continue to supplement
existing rulesets for event mappings.
Thanks,
Matt Ray
Zenoss Community Manager
community.zenoss.com
[EMAIL PROTECTED]
On Jun 13, 2008, at 8:25 AM, rlund wrote:
elmerfud wrote:
rlund wrote:
Anyone willing to make a how to for this?
Or outline the steps?
Thanks
Since we're doing things in threes today :)
Step 1.
http://www.zenoss.com/community/docs/howtos/configuration-of-netsnmp-for-use-with-zenoss/
Step 2.
http://www.zenoss.com/community/docs/howtos/how-to-forward-syslog-messages-to-zenoss/
Step 3. http://www.zenoss.com/community/docs/zenoss-guide/2.2.0
Ok, assuming I can get the device (Ubuntu running Snort) to send to
Zenoss, what then?
In the last link, is there a Snort section? Must have missed it.
Not sure what to look for in the manual.
However, now I see how to configure my Cisco devices to send
syslogs.
TY.
But even then, what do I do in Zenoss to make the data useful? (off
subject)
-------------------- m2f --------------------
Read this topic online here:
http://community.zenoss.com/forums/viewtopic.php?p=21362#21362
-------------------- m2f --------------------
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
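
Added example, not part of the original thread and not Zenoss or Snort project code: a sketch of the mapping step discussed above, parsing Snort alerts as they arrive over syslog and assigning each a Zenoss severity. The priority-to-severity table, the output field names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Zenoss event severities: 0 Clear, 1 Debug, 2 Info, 3 Warning, 4 Error, 5 Critical.
SEVERITY_NAMES = ["Clear", "Debug", "Info", "Warning", "Error", "Critical"]
# Assumed mapping from Snort rule priority (1 = most serious) to Zenoss severity.
PRIORITY_TO_SEVERITY = {1: 5, 2: 4, 3: 3, 4: 2}
DEFAULT_SEVERITY = 3  # unmapped priorities surface as Warning until reviewed

# Snort syslog alert: [gid:sid:rev] msg [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?:\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]:?\s*"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def snort_to_event(line):
    """Return event fields (hypothetical names) for a Snort alert line, else None."""
    m = ALERT_RE.search(line)
    if m is None:
        return None  # not a Snort alert; leave it to other event mappings
    f = m.groupdict()
    severity = PRIORITY_TO_SEVERITY.get(int(f["priority"]), DEFAULT_SEVERITY)
    return {
        "rule": "%s:%s" % (f["gid"], f["sid"]),  # stable key for de-duplication
        "summary": f["msg"],
        "classification": f["classification"] or "unclassified",
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "proto": f["proto"], "src": f["src"], "dst": f["dst"],
    }

# Constructed sample syslog lines (documentation addresses, local-range SIDs).
SAMPLE_LINES = [
    "Jun 13 08:25:01 ids01 snort[2314]: [1:1000001:1] LOCAL ICMP echo request [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5",
    "Jun 13 08:25:07 ids01 snort[2314]: [1:1000002:2] LOCAL admin login over telnet [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.10:40112 -> 198.51.100.5:23",
    "Jun 13 08:25:09 ids01 snort[2314]: [1:1000003:1] LOCAL rule without classtype [Priority: 0] {UDP} 192.0.2.11:53 -> 198.51.100.5:5353",
    "Jun 13 08:26:00 ids01 sshd[991]: Accepted publickey for ops from 192.0.2.20 port 50022 ssh2",
]

def map_lines(lines):
    """Parse every line and keep only those recognised as Snort alerts."""
    return [e for e in map(snort_to_event, lines) if e is not None]

if __name__ == "__main__":
    for event in map_lines(SAMPLE_LINES):
        print("%(severity_name)-8s %(rule)-10s %(src)s -> %(dst)s  %(summary)s" % event)
```
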