[BBLISA] Help with destination of syslog messages?
Scott Ehrlich
srehrlich at gmail.com
Wed Mar 28 17:44:38 EDT 2012
I have a test environment consisting of Win 2008 R2 Server and Windows XP w/SP3, both running the latest Snare Agent for Windows, along with RHEL 5.6 and RHEL 6.2 servers, all within a VM environment.

I am testing Linux as a central logging option. Snare Agent (free version) uses UDP, so it is a natural option for standard syslog on Linux.

I am tailing /var/log/messages and only see host-only traffic, but another terminal window running tcpdump (or tcpdump -X port 514) DOES show incoming traffic from the clients. My question is where the heck is that data going? There are NO error messages on whichever Linux box I designate as the server (if I were to switch between 5.6 and 6.2).

Traffic is coming in, but I'd love to know where, if anywhere, it is being written.

Or, is there another step I need to learn to capture the data to a file?

An ls -ltr /var/log doesn't show anything helpful, either.

Thanks for any insights.

Scott
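An added illustration of the situation the post describes (example code, not from the poster or from the Snare or rsyslog projects): a datagram that tcpdump shows on the wire is only delivered to a process if some socket is bound to the destination UDP port; with nothing bound, the kernel discards it and answers with an ICMP port-unreachable, and no daemon ever logs an error because no daemon ever saw it. The script below is a minimal UDP syslog receiver that parses BSD-style (RFC 3164) lines, writes them to a file, and does a loopback round trip on an ephemeral port so it runs without root. Assumptions not in the original post: the Snare line format used in SAMPLE is constructed here, not captured from that lab, and the file format written by format_record is the author's own rather than rsyslog's.

```python
import os
import re
import socket
import tempfile

# RFC 3164 facility and severity names, indexed by their numeric code.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# "<PRI>Mmm dd hh:mm:ss host tag: message". Snare omits the colon and separates
# its own fields with tabs, so the colon and the following blank are optional.
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\s]+):?\s?"
    r"(?P<msg>.*)$",
    re.S,
)


def parse_syslog(line):
    """Decode one BSD-syslog line into a dict, or return None if it does not parse."""
    m = _LINE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 facilities * 8 severities - 1 is the largest legal PRI
        return None
    return {
        "facility": FACILITIES[pri >> 3],
        "severity": SEVERITIES[pri & 7],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "msg": m.group("msg"),
    }


def format_record(rec, src):
    """Render a parsed record as one line (this layout is ours, not rsyslog's)."""
    return "%s %s %s[%s.%s] (from %s): %s" % (
        rec["timestamp"], rec["host"], rec["tag"],
        rec["facility"], rec["severity"], src, rec["msg"])


def bind_udp(host="0.0.0.0", port=514):
    """Open and bind the listening socket. Port 514 needs root; a real syslog
    daemon does this once remote reception is enabled in its configuration."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    return s


def receive_to_file(sock, path, count):
    """Read `count` datagrams from a bound socket, append them to `path`, and
    return the parsed records. Unparseable lines are kept raw, not dropped."""
    records = []
    with open(path, "a") as fh:
        for _ in range(count):
            data, (src, _port) = sock.recvfrom(65535)
            text = data.decode("utf-8", "replace")
            rec = parse_syslog(text)
            if rec is None:
                rec = {"facility": "?", "severity": "?", "timestamp": "-",
                       "host": src, "tag": "raw", "msg": text}
            fh.write(format_record(rec, src) + "\n")
            records.append(rec)
    return records


# Constructed sample in the shape Snare for Windows emits (tab-separated
# fields after the MSWinEventLog tag); not a capture from the poster's lab.
SAMPLE = (b"<13>Mar 28 17:44:38 WIN2008R2 MSWinEventLog\t1\tSecurity\t4624\t"
          b"An account was successfully logged on.")


def demo(path=None):
    """Loopback round trip: bind an ephemeral port on 127.0.0.1, send SAMPLE to
    it, and return the record written to `path`. Without the bind, the same
    datagram would still appear in tcpdump but would be discarded by the kernel."""
    if path is None:
        fd, path = tempfile.mkstemp(prefix="syslog-demo-", suffix=".log")
        os.close(fd)
    srv = bind_udp("127.0.0.1", 0)
    srv.settimeout(5)
    port = srv.getsockname()[1]
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        client.sendto(SAMPLE, ("127.0.0.1", port))
        return receive_to_file(srv, path, 1)[0]
    finally:
        client.close()
        srv.close()


if __name__ == "__main__":
    print(demo())
```

The check this translates to on the server: look for a listener on UDP 514 (`ss -lunp` on RHEL 6, `netstat -lunp` on RHEL 5). If nothing is bound, RHEL 6's rsyslog needs `$ModLoad imudp` and `$UDPServerRun 514` uncommented in /etc/rsyslog.conf and a restart; RHEL 5's sysklogd needs `-r` added to SYSLOGD_OPTIONS in /etc/sysconfig/syslog. If a listener exists and the messages still do not arrive, check iptables, since tcpdump captures packets before netfilter's INPUT chain gets to drop them.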