I have a test environment consisting of a Windows 2008 R2 Server and a Windows XP machine with SP3, both running the latest Snare Agent for Windows, along with RHEL 5.6 and RHEL 6.2 servers, all within a VM environment. I am testing Linux as a central logging option. Snare Agent (free version) uses UDP, so it is a natural option for standard syslog on Linux.

I am tailing /var/log/messages and only see host-only traffic, but another terminal window running tcpdump (or tcpdump -X port 514) DOES show incoming traffic from the clients. My question is: where the heck is that data going? There are NO error messages on whichever Linux box I designate as the server (if I were to switch between 5.6 and 6.2). Traffic is coming in, but I'd love to know where, if anywhere, it is being written. Or is there another step I need to learn to capture the data to a file? An ls -ltr /var/log doesn't show anything helpful, either.

Thanks for any insights.

Scott
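The usual cause of the symptom above is that neither RHEL release listens on UDP/514 out of the box: sysklogd on RHEL 5 only accepts remote messages when `-r` is added to SYSLOGD_OPTIONS in /etc/sysconfig/syslog, and rsyslog on RHEL 6 only does so when the `$ModLoad imudp` and `$UDPServerRun 514` lines in /etc/rsyslog.conf are uncommented (restart the daemon after either change). Until then the kernel silently discards the datagrams, which tcpdump still sees because it captures at the link layer, before netfilter; for the same reason a default RHEL iptables policy can also drop the packets tcpdump reports, so `netstat -ulnp | grep ':514'` (is anything bound?) and `iptables -L INPUT -n` (is the port allowed?) are the two checks to run. The script below is an added example, not part of the original post or of Snare: it binds the port itself, parses the RFC 3164 `<PRI>` header and writes each record to a flat file, so you can confirm what the agents send and that the data can be captured at all. The Snare-style and sshd sample datagrams in it are constructed for the example, not captured from the poster's machines; the Snare field order shown is a guess and only the leading `MSWinEventLog` tag is relied on.

```python
"""Minimal UDP syslog receiver (added example, not from the original post).

Binds a UDP port, parses the RFC 3164 <PRI> header plus TIMESTAMP/HOSTNAME,
and appends one line per datagram to a file. Port 514 needs root and must not
already be held by syslogd/rsyslogd, so stop the daemon or pick another port.
"""
import io
import re
import socket
import sys
from datetime import datetime

# RFC 3164 facility and severity names, indexed by their numeric code.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
# TIMESTAMP (Mmm dd hh:mm:ss), HOSTNAME, then the message. Snare separates its
# event fields with tabs, so any whitespace is accepted after the hostname.
HEADER_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+)\s(.*)$", re.DOTALL)

# Constructed sample datagrams (not captured from the poster's agents): a
# Snare-style Windows event, a message with no <PRI> at all, and an auth.info line.
SAMPLE_DATAGRAMS = [
    b"<13>Jan 14 10:22:05 WIN2008R2 MSWinEventLog\t1\tSecurity\t4624\t"
    b"Microsoft-Windows-Security-Auditing\tSuccess Audit\tLogon\t"
    b"An account was successfully logged on.\n",
    b"Jan 14 10:22:06 rhel6 sshd[2183]: Accepted publickey for scott from 192.0.2.20 port 50112 ssh2",
    b"<38>Jan 14 10:22:07 rhel5 sshd[1410]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2",
]


def parse_syslog(datagram: bytes) -> dict:
    """Split one UDP syslog datagram into facility, severity, timestamp, host and message."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\0")
    m = PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:
        pri, body = int(m.group(1)), m.group(2)
    else:
        pri, body = 13, text  # RFC 3164: a missing or invalid PRI is treated as user.notice
    facility, severity = divmod(pri, 8)
    rec = {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
           "timestamp": None, "host": None, "msg": body}
    h = HEADER_RE.match(body)
    if h:
        rec["timestamp"], rec["host"], rec["msg"] = h.group(1), h.group(2), h.group(3)
    # Snare's Windows agent tags its records "MSWinEventLog" followed by tab-separated
    # fields; expose them so a reviewer can key on the Windows event ID later.
    if rec["msg"].startswith("MSWinEventLog"):
        rec["snare_fields"] = rec["msg"].split("\t")
    return rec


def format_record(rec: dict, peer: str) -> str:
    """Render a parsed record as one line for a flat log file (receive time, sender, fac.sev, host, msg)."""
    return "%s %s %s.%s %s %s\n" % (
        datetime.now().strftime("%Y-%m-%dT%H:%M:%S"), peer,
        rec["facility"], rec["severity"], rec["host"] or "-", rec["msg"].replace("\n", " "))


def handle_datagram(data: bytes, peer: str, sink) -> dict:
    """Parse one datagram, append it to `sink` (any text file object) and return the record."""
    rec = parse_syslog(data)
    sink.write(format_record(rec, peer))
    sink.flush()
    return rec


def sink_lines(datagrams, peer="192.0.2.10"):
    """Run handle_datagram over an in-memory sink; lets the parser be exercised offline."""
    buf = io.StringIO()
    recs = [handle_datagram(d, peer, buf) for d in datagrams]
    return recs, buf.getvalue().splitlines()


def serve(bind: str, port: int, path: str, count: int = 0) -> int:
    """Bind UDP `port` and append every datagram to `path`; stop after `count` datagrams (0 = forever)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    seen = 0
    with open(path, "a", encoding="utf-8") as sink:
        while count == 0 or seen < count:
            data, (peer, _) = sock.recvfrom(65535)
            rec = handle_datagram(data, peer, sink)
            print("%s %s.%s from %s" % (rec["host"], rec["facility"], rec["severity"], peer))
            seen += 1
    sock.close()
    return seen


if __name__ == "__main__":
    # Usage (hypothetical file name): sudo python3 udp_syslog_sink.py 0.0.0.0 514 /var/log/snare-test.log
    bind_addr, port_no, out_path = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    serve(bind_addr, port_no, out_path)
```

Once the real daemon is listening you can retire the script; it is a diagnostic, not a log server. Keep in mind that UDP syslog carries no authentication or integrity check, so anything that can reach the port can inject or spoof records under any hostname and facility, and the sender never learns that a datagram was dropped. Restrict the port to the agent hosts in iptables, and treat the received hostname as a claim rather than a fact when you build alerts on it.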