Log central with Snort, Syslog-ng and Splunk (SSS)

In the previous post, I installed Snort with Barnyard to send logs to Snort Report. Today, I additionally installed BASE for Snort log analysis.

Download the files:

    #wget "http://sourceforge.net/projects/adodb/files/latest/download?source=files"
    #wget "http://sourceforge.net/projects/secureideas/files/latest/download?source=files"
    #yum --enablerepo=epel -y install php-adodb php-pear-Image-Graph
    #unzip adodb517.zip
    #tar xvzf base-1.4.5.tar.gz
    #cp -R base-1.4.5 /var/www/html/
    #mv /var/www/html/base-1.4.5 /var/www/html/base
    #cp -R adodb5 /var/www/html/base
    #chmod 777 -R /var/www/html/base

Go to http:// /base and run the setup; the adodb path is /var/www/html/base/adodb5

After completing this tutorial, I started configuring Snort to send its logs to the central log. I am using Splunk as the central log manager. I used syslog-ng to send the Snort log to Splunk.

First, on the Snort machine, I edited the config to force Snort to write alerts to a plain text file:

    #vim /etc/sysconfig/snortd

(I don't remember the path.)

Find ALERT and uncomment it, change ALERT=fu