User Tools
сервис_snort
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
сервис_snort [2024/05/11 09:06] val [Debian/Ubuntu] |
сервис_snort [2024/05/11 15:45] val [alert_unified2 to syslog] |
||
|---|---|---|---|
| Line 58: | Line 58: | ||
| # tail -f /var/log/auth.log | grep Red | # tail -f /var/log/auth.log | grep Red | ||
| + | |||
| + | # u2spewfoo /var/log/snort/snort.alert | ||
| </code> | </code> | ||
| Line 63: | Line 65: | ||
| <code> | <code> | ||
| isp.un$ wget http://192.168.X.10/root.exe | isp.un$ wget http://192.168.X.10/root.exe | ||
| + | </code> | ||
| + | |||
| + | ===== Копирование alert_unified2 в syslog ===== | ||
| + | <code> | ||
| + | # stdbuf -i0 -o0 u2spewfoo <(tail -c +1 -f /var/log/snort/snort.alert) | logger -t snort -p auth.info | ||
| + | |||
| + | # cat /etc/systemd/system/snort-alert-unified2-syslog.service | ||
| + | </code><code> | ||
| + | [Unit] | ||
| + | Description=Send snort alert_unified2 to syslog | ||
| + | After=snort.service | ||
| + | |||
| + | [Service] | ||
| + | ExecStart=/bin/bash -c '/usr/bin/stdbuf -i0 -o0 /usr/sbin/u2spewfoo <(/usr/bin/tail -c +1 -f /var/log/snort/snort.alert) | /usr/bin/logger -t snort -p auth.info' | ||
| + | |||
| + | [Install] | ||
| + | WantedBy=multi-user.target | ||
| </code> | </code> | ||
сервис_snort.txt · Last modified: 2024/05/11 16:43 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
