How to configure ESM to receive incoming Snort alerts?

I have a Snort box that I would like to forward alerts to ESM via syslog.  Where and how in ESM do I configure that?

6 Replies
rgarrett
Level 9
Message 2 of 7

Re: How to configure ESM to receive incoming Snort alerts?

What configuration? Are you using Barnyard2?

Re: How to configure ESM to receive incoming Snort alerts?

I'm using Snort v.2.9.7.6; my Snort has customized alert rules and I would like it to forward to McAfee via syslog. Is that supported?

thanks!

rgarrett
Level 9
Message 4 of 7

Re: How to configure ESM to receive incoming Snort alerts?

Barnyard2 is supported for Snort, and can be downloaded from the support web site. I am not sure about custom alerts yet.

davids15
Level 9
Message 5 of 7

Re: How to configure ESM to receive incoming Snort alerts?

Look under Data Source Vendor: Source Fire, then look under Data Source Model: Source Fire NS/RNA (ASP). This should work for your Snort events. I use it; I made some modifications to the rule to grab additional data.

http://www.mcafee.com/us/resources/data-sheets/ds-siem-supported-devices.pdf

Snort NIDS IDS / IPS All Use SourceFire NS/RNA (ASP) data source

Re: How to configure ESM to receive incoming Snort alerts?

thanks, will check it out.

Re: How to configure ESM to receive incoming Snort alerts?

For Snort via syslog, do you think the configuration is thru ESM's System Properties - Event Forwarding - Format of 'Syslog (snort)'?
