
Re: [ISSForum] How to send event data to a syslog server?



I don't think that's possible using Site Protector/ISS tools. My solution
would be a Python script that every 30 seconds (or something like that) does
a "select * from events where date is last 30 seconds" to the MSSQL database
of Site Protector and then, using the syslog library, sends the events to the
syslogd. You would have to analyze the SQL sentence really well because a bad
sentence could retrieve 1M events and flood the syslog server.

On 11/18/05, Mick Ryan <Mick.Ryan@xxxxxxxxxxxxxxxxxxx> wrote:
>
> Does anyone know how to send events to a syslog server from Site
> Protector? I've got a number of Proventia G series sensors and Server
> Sensors deployed that all feed back to my Event collector, how can I get all
> that data sent to a syslog server so it can be used by Lancope StealthWatch
> and Checkpoint Eventia Analyzer?
>
> Basically I don't want to use the Fusion module anymore and want all my
> IDS events sent to another event correlation engine.
>
> Thanks in advance for all help.
>
> Mick Ryan
> Networks & Information Security
> Corrections Corporation of America
> (W): 615-263-3217
> (F): 615-263-3239
> mick.ryan@xxxxxxxxxxxxxxxxxxx
>
> _______________________________________________
> ISSForum mailing list
> ISSForum@xxxxxxx
>
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
> https://atla-mm1.iss.net/mailman/listinfo/issforum
>
> To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx
>
> The ISSForum mailing list is hosted and managed by Internet Security
> Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
>



--
Andres Riancho
http://www.securearg.net/ Secure from the source
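
A sketch of the polling forwarder described in the reply above, added here as an example and not part of the original post or any ISS tooling. It goes slightly beyond the post by tracking an id watermark and capping each batch instead of querying a 30-second time window. Assumptions: an in-memory sqlite3 database stands in for the MSSQL database, and the events table, its columns and the sample rows are hypothetical because the thread does not give the schema.

```python
import socket
import sqlite3

MAX_BATCH = 500                      # hard cap per poll so one bad query cannot flood syslogd
FACILITY_LOCAL4, SEVERITY_WARNING = 20, 4

def fetch_new_events(conn, last_id, limit=MAX_BATCH):
    """Rows newer than the last_id watermark, oldest first, never more than limit.
    Parameterized; on MSSQL the cap would be SELECT TOP (?) instead of LIMIT."""
    cur = conn.execute(
        "SELECT id, ts, sensor, name, src, dst FROM events "
        "WHERE id > ? ORDER BY id LIMIT ?", (last_id, limit))
    return cur.fetchall()

def to_syslog(row):
    """Format one row as an RFC 3164 style line; CR/LF are replaced so a
    field value cannot inject extra syslog lines."""
    pri = FACILITY_LOCAL4 * 8 + SEVERITY_WARNING
    fields = [str(f).replace("\r", " ").replace("\n", " ") for f in row]
    ev_id, ts, sensor, name, src, dst = fields
    return f"<{pri}>{ts} {sensor} ids: id={ev_id} event={name} src={src} dst={dst}"

def poll_once(conn, last_id, send, limit=MAX_BATCH):
    """Forward one bounded batch through send(); return the new watermark."""
    for row in fetch_new_events(conn, last_id, limit):
        send(to_syslog(row))
        last_id = row[0]
    return last_id

def udp_sender(host, port=514):
    """Return a send() callable that ships each line as one UDP datagram."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda line: sock.sendto(line.encode("utf-8"), (host, port))

def demo_db(n):
    """Constructed sample data: n identical events, one with an embedded newline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, ts TEXT, "
                 "sensor TEXT, name TEXT, src TEXT, dst TEXT)")
    conn.executemany(
        "INSERT INTO events VALUES (?,?,?,?,?,?)",
        [(i, "Nov 18 10:00:00", "sensor1", "HTTP_Probe\nx", "192.0.2.10",
          "198.51.100.5") for i in range(1, n + 1)])
    return conn

if __name__ == "__main__":
    conn, sent = demo_db(1200), []
    mark = poll_once(conn, 0, sent.append)  # use udp_sender("192.0.2.50") to forward for real
    print(len(sent), mark, sent[0])
```

Calling poll_once on a timer (for example every 30 seconds) and persisting the returned watermark between runs drains a backlog in fixed-size batches without skipping or repeating events.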