I entered the following string into my conf file:
output alert_syslog_full: sensor_name lrc-eno2, server syslog.xxx.xxxx.xxx, protocol tcp, port 514, log_priority log_alert, operation_mode default
The string works great with the exception of the MSGHDR, which typically has a value of "snort" to identify it as a snort alert. I use this to filter it into an index on our centralized syslog server to enhance searching. With this said, I am hoping that someone knows how to add a custom field that will export from Barnyard so that I can tag it as "snort".
Thank you