Snort mailing list archives

ANNOUNCE: logsnorter v0.2. Merge Linux/BSD/Cisco access-lists into snort


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 8 Aug 2001 11:26:18 +1200

Logsnorter v0.2

Changes since v0.1.

* Now *ONLY* supports the "new" SQL DB format. i.e. snort-1.7+
* Support for BSD ipf and Linux iptables format

This is the second release of logsnorter for general consumption.

This perl script scans syslog messages (typically in real-time), picks up
any "reject packet" messages generated by Ciscos or Linux ipfw/ipchains and
logs them into your central Snort SQL database. This allows you to "expand"
the reach of snort without having to put snort out into weird areas - like
in front of your perimeter router/firewall...


Typically invoked for real-time action as:

logsnorter -T /var/log/syslog

For post-processing (e.g. yesterday's syslog messages), try:

cat /var/log/syslog.1|logsnorter -t

There's a perldoc page ("perldoc logsnorter") showing the options - the main
one to figure out is the /etc/logsnorter.conf config file.

[This is my first attempt at perldoc - can someone tell me how to stop
perldoc wrapping text - it really screwed up the example config file]

The iptables and ipf modules haven't been extensively tested, so please let
me know of any problems. Yes, using the "--log-prefix" option may throw off
the iptables stuff - let me know.

I'm attaching it to this message, but could someone upload it to
www.snort.org for me please?

-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417

Attachment: logsnorter-0.2.gz
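The scan-parse-load pipeline the announcement describes, as an added example in Python that is not logsnorter's own code (logsnorter is Perl and is attached above, not reproduced here). The sample syslog lines are constructed, not captured from any host; the regexes follow the ipchains "Packet log:", iptables LOG, Cisco IPACCESSLOGP and ipmon block-line formats as commonly logged in 2001-era systems; the SQLite tables borrow the event/iphdr/tcphdr/udphdr names and a few column names of Snort's SQL schema but are a reduced stand-in, not the real schema. The iptables branch shows one way to cope with the --log-prefix problem mentioned in the post: capture whatever sits between "kernel: " and "IN=" instead of anchoring on "kernel: IN=".

```python
import re
import ipaddress
import sqlite3

# Constructed sample syslog lines (not captured from any real host) in the
# formats the announcement lists, plus one unrelated line that must be ignored.
SAMPLE_SYSLOG = """\
Aug  8 11:26:18 fw kernel: Packet log: input DENY eth0 PROTO=6 10.1.2.3:4321 192.168.1.10:22 L=60 S=0x00 I=12345 F=0x4000 T=64 SYN (#5)
Aug  8 11:26:19 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.2.3 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=4322 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  8 11:26:20 fw kernel: DROP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.2.4 DST=192.168.1.10 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=12347 PROTO=UDP SPT=53 DPT=53 LEN=24
Aug  8 11:26:21 router 123: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.2.5(4323) -> 192.168.1.10(25), 1 packet
Aug  8 11:26:22 bsdfw ipmon[123]: 11:26:22.123456 fxp0 @0:5 b 10.1.2.6,4324 -> 192.168.1.10,80 PR tcp len 20 60 -S IN
Aug  8 11:26:23 fw sshd[999]: Accepted publickey for jason from 10.1.2.9 port 5000 ssh2
"""

PROTO_NUM = {"tcp": 6, "udp": 17, "icmp": 1}

IPCHAINS = re.compile(r"Packet log: (?P<chain>\S+) (?P<target>DENY|REJECT) (?P<iface>\S+) "
                      r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)")
# iptables LOG: a --log-prefix is printed verbatim between "kernel: " and "IN=",
# with or without a trailing space, so capture it rather than anchoring on it.
# The remaining fields are located by their KEY= tokens wherever they occur.
# (A prefix that itself contains "IN=" would still confuse this; that is the
# failure mode the announcement warns about.)
IPTABLES = re.compile(r"kernel: (?P<prefix>.*?)IN=(?P<iface>\S*) OUT=")
IPT_ADDR = re.compile(r" SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) ")
IPT_PROTO = re.compile(r" PROTO=(?P<proto>\w+)")
IPT_PORTS = re.compile(r" SPT=(?P<sport>\d+) DPT=(?P<dport>\d+)")
CISCO = re.compile(r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>\w+) "
                   r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)")
# ipmon: "@group:rule b" is a blocked packet; "p" (pass) lines are not rejects.
IPF = re.compile(r"ipmon\[\d+\]: \S+ (?P<iface>\S+) @\d+:\d+ b (?P<src>[\d.]+),(?P<sport>\d+) "
                 r"-> (?P<dst>[\d.]+),(?P<dport>\d+) PR (?P<proto>\w+)")

def proto_number(token):
    """Map 'tcp', 'TCP' or '6' to the IP protocol number; None if unknown."""
    return int(token) if token.isdigit() else PROTO_NUM.get(token.lower())

def parse_line(line):
    """Return a normalized record for a firewall reject line, else None."""
    rec = None
    if m := IPCHAINS.search(line):
        rec = dict(source="ipchains", **m.groupdict())
    elif m := IPTABLES.search(line):
        # A LOG line only proves the LOG rule matched; whether the packet was
        # then dropped is a property of the rule set, so keep the prefix.
        a, p, pt = IPT_ADDR.search(line), IPT_PROTO.search(line), IPT_PORTS.search(line)
        if a and p:
            rec = dict(source="iptables", prefix=m["prefix"].strip(), iface=m["iface"],
                       **a.groupdict(), **p.groupdict(), **(pt.groupdict() if pt else {}))
    elif m := CISCO.search(line):
        rec = dict(source="cisco", **m.groupdict())
    elif m := IPF.search(line):
        rec = dict(source="ipf", **m.groupdict())
    if rec is None:
        return None
    rec["timestamp"] = line[:15]            # syslog 'Mmm dd hh:mm:ss'
    rec["proto"] = proto_number(rec["proto"])
    rec["sport"] = int(rec["sport"]) if rec.get("sport") else None   # None for ICMP etc.
    rec["dport"] = int(rec["dport"]) if rec.get("dport") else None
    return rec

def parse_syslog(text):
    """Equivalent of 'cat syslog | logsnorter -t': every reject line as a record."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]

def ip_to_int(dotted):
    """Snort's SQL schema stores addresses as unsigned 32-bit integers."""
    return int(ipaddress.IPv4Address(dotted))

def store(records, sid=1, signature=1):
    """Load records into an in-memory SQLite stand-in for the Snort DB.
    Parameter binding is deliberate: every field came off a syslog line, and a
    --log-prefix or remote hostname is text an attacker can influence."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE event  (sid INT, cid INT, signature INT, timestamp TEXT);
        CREATE TABLE iphdr  (sid INT, cid INT, ip_src INT, ip_dst INT, ip_proto INT);
        CREATE TABLE tcphdr (sid INT, cid INT, tcp_sport INT, tcp_dport INT);
        CREATE TABLE udphdr (sid INT, cid INT, udp_sport INT, udp_dport INT);
    """)
    for cid, r in enumerate(records, start=1):
        db.execute("INSERT INTO event VALUES (?,?,?,?)", (sid, cid, signature, r["timestamp"]))
        db.execute("INSERT INTO iphdr VALUES (?,?,?,?,?)",
                   (sid, cid, ip_to_int(r["src"]), ip_to_int(r["dst"]), r["proto"]))
        if r["sport"] is not None and r["proto"] in (6, 17):
            table = "tcphdr" if r["proto"] == 6 else "udphdr"
            db.execute(f"INSERT INTO {table} VALUES (?,?,?,?)", (sid, cid, r["sport"], r["dport"]))
    db.commit()
    return db

def count(db, table):
    return db.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]

if __name__ == "__main__":
    recs = parse_syslog(SAMPLE_SYSLOG)
    db = store(recs)
    for r in recs:
        print(f'{r["source"]:8} {r["src"]}:{r["sport"]} -> {r["dst"]}:{r["dport"]} proto {r["proto"]}')
    print(count(db, "event"), "events stored")
```

For real-time use ("logsnorter -T /var/log/syslog") the same parse_line would be fed from a tail of the file instead of a whole buffer; the per-line logic does not change. The sshd line in the sample is there to show that anything that is not a recognised reject message is dropped rather than mis-parsed.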