Our company recently installed Snort as an intrusion detection application. It currently sends intrusion logs to a local syslog server, but we want to send those logs to Site 24x7. Does anyone know if this is possible?
Using our AppLogs feature, you can send your syslog server logs to Site24x7. For this, you just need to install our server monitoring agent on your local syslog server. Once the agent is installed, please follow the steps below to collect logs.
Create a Snort log type in Site24x7 by giving sample logs and the log pattern.
Associate this log type with a log profile. Here you can give the list of files to search as /var/log/snort/*.log and then select your local syslog server from the list of servers.
Once the above steps are done, you should see the Snort logs in a couple of minutes in the AppLogs tab.
If you face any trouble creating a log type, please contact email@example.com with 3 lines of sample logs; that would help us assist you further.
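Before picking sample lines for the log type, it helps to confirm which fields your Snort alerts actually carry. The following is an added example, not part of the original reply and not Site24x7 code or pattern syntax: it assumes the files under /var/log/snort/*.log use Snort's "fast" alert layout, and the field names and sample lines are constructed for illustration.

```python
import re

# Snort "fast" alert layout. search() is used so that a syslog prefix in
# front of the timestamp does not prevent a match.
ALERT_RE = re.compile(
    r"(?P<ts>\d{2}/\d{2}(?:/\d{2})?-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def split_endpoint(value):
    """Split IPv4 'ip:port' into (ip, port); ICMP lines carry no port."""
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit() and "." in host:
        return host, int(port)
    return value, None

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        fields[key] = int(fields[key])
    fields["src_ip"], fields["src_port"] = split_endpoint(fields.pop("src"))
    fields["dst_ip"], fields["dst_port"] = split_endpoint(fields.pop("dst"))
    return fields

# Constructed sample lines (documentation IP ranges, made-up SIDs).
SAMPLE_LINES = [
    "03/14-09:26:53.589793  [**] [1:1000001:1] ICMP echo request [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5",
    "03/14-09:27:01.102334  [**] [1:1000002:2] SSH connection attempt [**] "
    "[Priority: 2] {TCP} 192.0.2.10:51514 -> 198.51.100.5:22",
    "Mar 14 09:27:05 ids01 snort[2211]: this line is not an alert",
]

def check_samples(lines):
    """Return (parsed, rejected) so lines the pattern misses stay visible."""
    parsed, rejected = [], []
    for line in lines:
        record = parse_alert(line)
        if record is None:
            rejected.append(line)
        else:
            parsed.append(record)
    return parsed, rejected
```

Run `check_samples` over a few real lines from your own log files; anything that lands in `rejected` is a line shape the log pattern you define will also need to account for.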