I have a physical snort box, and I am trying to get it to send logs to my SolarWinds LEM, I set it to the output to the IP of the SolarWinds LEM but it doesn't pick up anything. I am using OpenSuse 13.1 in the snort.conf file I have put the output to the LEM server, is there anyone that has successfully set this up to work. I want it to work using a physical Snort Box and sending the logs to the LEM server to receive logs so that it can capture traffic on the IDS Scan/Attack Activity on LEM for monitoring.
I have tried many different combos with no luck, my Snort is creating logs but the LEM server isn't receiving them even though I point it to that server. I just need the correct configuration so that the LEM can start logging.
Any help would be greatly appreciated, remember this is not with the Snort on the LEM, this would be from a Snort Box.
Thank You,
Marcel