Snort message forwarding – Brocade Network Advisor IP User Manual v12.1.0 User Manual
Page 1257
Brocade Network Advisor IP User Manual
1203
53-1002947-01
Syslogs
39
6. (Optional) For additional filtering, enter a text string using from 1 through 512 characters or
wild card symbols in the Regular Expression field. The regular expression is used to describe a
pattern in text. You can use an asterisk (*) to indicate a wildcard, as in the following examples:
-
*cdef: Matches a message ending with cdef
-
abc*: Matches a message beginning with abc
-
*abc*: Matches a message that contains abc
7. Select a severity level from the Severity pulldown menu. The severity level can be one of the
following, and appear in descending order of severity.
-
Emergency
-
Alert
-
Critical
-
Error
-
Warning (Default)
-
Notice
-
Info
-
Debug
Events with the selected severity and those with higher severity levels are forwarded.
For example, by default, Critical severity is selected. Therefore, events with Critical, Alert, and
Emergency severity levels are forwarded.
To have all traps forwarded, select Debug, the lowest severity level.
8. Select the Forward Snort® Messages check box to turn on Snort message forwarding. Refer to
on page 1203 for more information.
9. Select the SAN, IP, or Hosts tab. Depending on the tab selected, the products available to
which you can add a syslog filter display in the Available Products list.
10. Select the product from the Available Products list and click the right arrow button to move it to
the Selected Products list.
11. Click OK.
Snort message forwarding
Snort is a third-party tool that monitors network traffic in real time. When Snort detects dangerous
payloads or other abnormal behavior, it sends an alert to the syslog in real time. You can turn Snort
messages on or off using the Add Syslog Filter dialog box
By default, the Forward Snort© Messages feature is not enabled. You must enable it to have Snort
messages forwarded to the configured syslog destinations.
You can forward Snort messages, by selecting the Forward Snort® Messages check box in the
Add Syslog Filter dialog box (refer to