ceramicskate0 / SWELF

Simple Windows Event Log Forwarder (SWELF). It's an easy-to-use, simply-works log forwarder and EVTX parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
https://ceramicskate0.github.io/SWELF/
GNU Affero General Public License v3.0

SNORT ALERT FOR SYSLOG when sending udp packets containing log data #13

Closed ceramicskate0 closed 6 years ago

ceramicskate0 commented 6 years ago

Snort IDS alerts for packets containing log data transmitted from the app using the "syslog" setting.

Snort Sig number:
Message: SERVER-OTHER HP HP Intelligent Management Center syslog remote code execution attempt
Details: https://www.snort.org/search?query=25352
dst port: 514

ceramicskate0 commented 6 years ago

Easy to fix (famous last words). It appears that the sig is a normal static-search packet IDS sig. No need to do encrypted syslog to bypass the alert. Altering the UDP packet and log output format should do to pass packet inspection.
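As an added example (not SWELF's own code, and not the exact bytes its "syslog" setting emits, which this thread does not show), the following Python builds a Windows event as a syslog datagram in both common layouts, RFC 5424 and RFC 3164 (BSD), and sends it over UDP/514. The hostname, app name, sample event text and collector address are constructed placeholders. The matching content of Snort rule 25352 is not reproduced on this page, so before changing an output format the practical check is to capture the alerting datagram on the wire and compare it against the rule's content matches; these two framings give a standards-conformant baseline to replay past the sensor.

```python
"""Build RFC 5424 and RFC 3164 syslog datagrams and send them over UDP/514.

Added example, not SWELF's project code: the message layouts follow the two
syslog RFCs; hostnames, app name and collector address are placeholders.
"""
import socket
from datetime import datetime, timezone

# Facility and severity codes, RFC 5424 section 6.2.1 (subset).
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5,
              "local0": 16, "local1": 17, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def priority(facility: str, severity: str) -> int:
    """PRI value carried in the leading '<N>': facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def decode_priority(pri: int) -> tuple:
    """Inverse of priority(): (facility code, severity code)."""
    return pri // 8, pri % 8


def build_rfc5424(facility: str, severity: str, hostname: str, app_name: str,
                  msg: str, timestamp: datetime, procid: str = "-",
                  msgid: str = "-", structured_data: str = "-") -> bytes:
    """RFC 5424 layout: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG."""
    ts = timestamp.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    line = (f"<{priority(facility, severity)}>1 {ts} {hostname} {app_name} "
            f"{procid} {msgid} {structured_data} {msg}")
    return line.encode("utf-8")


def build_rfc3164(facility: str, severity: str, hostname: str, tag: str,
                  msg: str, timestamp: datetime) -> bytes:
    """RFC 3164 (BSD) layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG.

    The day of month is space-padded to two characters, as the RFC shows.
    """
    ts = f"{timestamp.strftime('%b')} {timestamp.day:2d} {timestamp.strftime('%H:%M:%S')}"
    line = f"<{priority(facility, severity)}>{ts} {hostname} {tag}: {msg}"
    return line.encode("utf-8")


def send_udp(datagram: bytes, host: str, port: int = 514) -> int:
    """Send one datagram; returns the byte count the socket accepted."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(datagram, (host, port))


def sample_datagrams() -> tuple:
    """Constructed sample logon event at a fixed timestamp, in both layouts."""
    when = datetime(2019, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    event = 'EventID=4624 Channel=Security Message="An account was successfully logged on"'
    return (build_rfc5424("local0", "info", "WIN-HOST", "SWELF", event, when),
            build_rfc3164("local0", "info", "WIN-HOST", "SWELF", event, when))


if __name__ == "__main__":
    # 127.0.0.1 is a placeholder for the collector behind the IDS sensor.
    for dgram in sample_datagrams():
        print(dgram.decode())
        send_udp(dgram, "127.0.0.1")
```

Run it while capturing on the sensor (for example `tcpdump -A udp port 514`) and check whether the alert fires on one layout, both, or neither; that tells you whether the rule keys on the header framing or on something in the event text itself.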

ceramicskate0 commented 6 years ago

No need to fix, as the product in this alert is not supported.