Snort mailing list archives
ANNOUNCE: logsnorter v0.2. Merge Linux/BSD/Cisco access-lists into snort
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 8 Aug 2001 11:26:18 +1200
Logsnorter v0.2

Changes since v0.1:

* Now *ONLY* supports the "new" SQL DB format, i.e. snort-1.7+
* Support for BSD ipf and Linux iptables format

This is the second release of logsnorter for general consumption.

This perl script scans syslog messages (typically in real-time), picks up any "reject packet" messages generated by Ciscos or Linux ipfw/ipchains and logs them into your central Snort SQL database. This allows you to "expand" the reach of snort without having to put snort out into weird areas - like in front of your perimeter router/firewall...

Typically invoked for real-time action as:

    logsnorter -T /var/log/syslog

For post-processing (e.g. yesterday's syslog messages), try:

    cat /var/log/syslog.1|logsnorter -t

There's a perldoc page ("perldoc logsnorter") showing the options - the main one to figure out is the /etc/logsnorter.conf config file.

[This is my first attempt at perldoc - can someone tell me how to stop perldoc wrapping text - it really screwed up the example config file]

The iptables and ipf modules haven't been extensively tested, so please let me know of any problems. Yes, using the "--log-prefix" option may throw off the iptables stuff - let me know.

I'm attaching it to this message, but could someone upload it to www.snort.org for me please?

--
Cheers

Jason Haar
Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
Attachment:
logsnorter-0.2.gz
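As an added illustration of the ingest step the announcement describes (not logsnorter's own code, which is Perl and lives in the attachment), the following Python parses the three syslog formats named in the post - netfilter/iptables LOG lines, ipchains "Packet log:" lines and Cisco IPACCESSLOG deny messages - into one normalised record per rejected packet. It also handles the caveat raised in the post: an iptables --log-prefix is arbitrary text in front of the first field, so the parser anchors on the "IN=" token rather than on the start of the message and keeps the prefix as a note. The sample log lines are constructed for the example (RFC 5737 documentation addresses), and the record layout is an assumption, not the Snort SQL schema; writing the records to the database would be the next step.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass
class RejectEvent:
    """One firewall reject, normalised so every log source looks the same.
    (Field set is an assumption for this example, not Snort's DB schema.)"""
    source: str               # "iptables", "ipchains" or "cisco"
    timestamp: str            # syslog timestamp, kept as text
    host: str                 # syslog hostname (the firewall or router)
    proto: str                # "tcp", "udp", "icmp" or a raw protocol number
    src_ip: str
    src_port: Optional[int]   # None for ICMP / protocols without ports
    dst_ip: str
    dst_port: Optional[int]
    iface: Optional[str]      # inbound interface, when the format reports one
    note: str                 # ipchains chain, iptables --log-prefix text or ACL number


# Classic BSD syslog header: "Mon DD HH:MM:SS host message..."
SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$')
# netfilter LOG target: KEY=VALUE tokens; VALUE may be empty, e.g. "OUT="
KV_RE = re.compile(r'\b([A-Z]+)=(\S*)')
# ipchains: "Packet log: <chain> <action> <iface> PROTO=<n> src:spt dst:dpt ..."
IPCHAINS_RE = re.compile(
    r'Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) '
    r'(?P<src>[\d.]+):(?P<spt>\d+) (?P<dst>[\d.]+):(?P<dpt>\d+)')
# Cisco IOS access-list logging: "%SEC-6-IPACCESSLOGP: list 101 denied tcp a(p) -> b(p), ..."
CISCO_RE = re.compile(
    r'%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) denied (?P<proto>\w+) '
    r'(?P<src>[\d.]+)(?:\((?P<spt>\d+)\))? -> (?P<dst>[\d.]+)(?:\((?P<dpt>\d+)\))?')
PROTO_NAMES = {'1': 'icmp', '6': 'tcp', '17': 'udp'}


def _port(value: Optional[str]) -> Optional[int]:
    return int(value) if value not in (None, '') else None


def _parse_iptables(ts: str, host: str, msg: str) -> Optional[RejectEvent]:
    # An arbitrary --log-prefix may precede the first field, so anchor on
    # "IN=" instead of on the message start; everything before it is the prefix.
    start = msg.find('IN=')
    if start < 0:
        return None
    prefix = msg[:start].replace('kernel:', '').strip().rstrip(':')
    fields = dict(KV_RE.findall(msg[start:]))
    if 'SRC' not in fields or 'DST' not in fields:
        return None
    return RejectEvent('iptables', ts, host, fields.get('PROTO', '?').lower(),
                       fields['SRC'], _port(fields.get('SPT')),
                       fields['DST'], _port(fields.get('DPT')),
                       fields.get('IN') or None, prefix)


def _parse_ipchains(ts: str, host: str, msg: str) -> Optional[RejectEvent]:
    m = IPCHAINS_RE.search(msg)
    if not m or m['action'] not in ('DENY', 'REJECT'):
        return None  # ACCEPT lines are not rejects; skip them
    proto = PROTO_NAMES.get(m['proto'], m['proto'])
    return RejectEvent('ipchains', ts, host, proto, m['src'], _port(m['spt']),
                       m['dst'], _port(m['dpt']), m['iface'], m['chain'])


def _parse_cisco(ts: str, host: str, msg: str) -> Optional[RejectEvent]:
    m = CISCO_RE.search(msg)
    if not m:
        return None
    return RejectEvent('cisco', ts, host, m['proto'].lower(), m['src'], _port(m['spt']),
                       m['dst'], _port(m['dpt']), None, 'acl ' + m['acl'])


def parse_line(line: str) -> Optional[RejectEvent]:
    """Return a RejectEvent for a recognised reject line, else None."""
    m = SYSLOG_RE.match(line.rstrip('\n'))
    if not m:
        return None
    ts, host, msg = m['ts'], m['host'], m['msg']
    if 'Packet log:' in msg:
        return _parse_ipchains(ts, host, msg)
    if '%SEC-6-IPACCESSLOG' in msg:
        return _parse_cisco(ts, host, msg)
    if 'IN=' in msg and 'SRC=' in msg:
        return _parse_iptables(ts, host, msg)
    return None


def parse_syslog(lines: Iterable[str]) -> List[RejectEvent]:
    """Parse a whole syslog stream (e.g. open('/var/log/syslog')) into events."""
    return [ev for ev in map(parse_line, lines) if ev is not None]


# Constructed sample syslog excerpt: two iptables lines (the second with a
# --log-prefix), an ipchains DENY, an ipchains ACCEPT, a Cisco ACL deny and an
# unrelated sshd line.
SAMPLE_LOG = """\
Aug  8 11:26:18 fw1 kernel: IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:0c:29:dd:ee:ff:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4711 DF PROTO=TCP SPT=41234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  8 11:26:19 fw1 kernel: DROP-INPUT: IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:0c:29:dd:ee:ff:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=51 ID=4712 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Aug  8 11:26:20 fw2 kernel: Packet log: input DENY eth1 PROTO=17 198.51.100.4:53 192.0.2.10:1025 L=76 S=0x00 I=0 F=0x4000 T=63 (#4)
Aug  8 11:26:21 fw2 kernel: Packet log: input ACCEPT eth1 PROTO=6 198.51.100.4:34567 192.0.2.10:80 L=60 S=0x00 I=1 F=0x4000 T=63 SYN (#1)
Aug  8 11:26:22 rtr1 47: Aug  8 11:26:21: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(41234) -> 192.0.2.10(23), 1 packet
Aug  8 11:26:23 fw1 sshd[812]: Accepted publickey for ops from 192.0.2.50 port 51022 ssh2
"""

if __name__ == '__main__':
    for ev in parse_syslog(SAMPLE_LOG.splitlines()):
        print(ev)
```

Running the block prints four events (the ACCEPT and sshd lines are dropped); feeding it `tail -f`-style input would give the real-time mode the post describes, and piping yesterday's file through it gives the post-processing mode. Because iptables LOG lines do not carry the rule's verdict, the prefix kept in `note` is the only way to tell a logged-and-dropped packet from a logged-and-accepted one, which is the reason a non-empty --log-prefix matters for this kind of tool.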