Snort mailing list archives

RE: ANNOUNCE: logsnorter v0.2. Merge Linux/BSD/Cisco access-lists into snort


From: "Jason Lewis" <jlewis () packetnexus com>
Date: Wed, 8 Aug 2001 21:23:25 -0400

Kudos on this update.

I was wrestling with the old version with the new DB.  I really like
having the router logs easily accessible in ACID.

jas

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Jason Haar
Sent: Tuesday, August 07, 2001 7:26 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ANNOUNCE: logsnorter v0.2. Merge Linux/BSD/Cisco
access-lists into snort


Logsnorter v0.2

Changes since v0.1.

* Now *ONLY* supports the "new" SQL DB format. i.e. snort-1.7+
* Support for BSD ipf and Linux iptables format

This is the second release of logsnorter for general consumption.

This perl script scans syslog messages (typically in real-time), picks up
any "reject packet" messages generated by Ciscos or Linux ipfw/ipchains and
logs them into your central Snort SQL database. This allows you to "expand"
the reach of snort without having to put snort out into weird areas - like
in front of your perimeter router/firewall...


Typically invoked for real-time action as:

logsnorter -T /var/log/syslog

For post-processing (e.g. yesterday's syslog messages), try:

cat /var/log/syslog.1|logsnorter -t

There's a perldoc page ("perldoc logsnorter") showing the options - the main
one to figure out is the /etc/logsnorter.conf config file.

[This is my first attempt at perldoc - can someone tell me how to stop
perldoc wrapping text - it really screwed up the example config file]

The iptables and ipf modules haven't been extensively tested, so please let
me know of any problems. Yes, using the "--log-prefix" option may throw off
the iptables stuff - let me know.

I'm attaching it to this message, but could someone upload it to
www.snort.org for me please?

--
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
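As an added illustration of the syslog scanning the announcement describes (my own Python example, not logsnorter's Perl code), this parses iptables and ipchains reject lines into normalised records of the kind one would insert into the Snort database, and tolerates the "--log-prefix" text mentioned above by anchoring on the first key=value field rather than on the prefix. The sample log lines are constructed.

```python
import re
from typing import Optional

# Constructed sample syslog lines (not from any real host): an iptables line
# carrying a "--log-prefix" string, an ipchains "Packet log" line, and noise.
SAMPLE_SYSLOG = """\
Aug  7 19:26:01 fw1 kernel: FW-DROP: IN=eth0 OUT= SRC=10.1.2.3 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=0 RES=0x00 SYN URGP=0
Aug  7 19:26:05 fw1 kernel: Packet log: input DENY eth0 PROTO=17 10.1.2.3:1026 192.0.2.10:161 L=60 S=0x00 I=0 F=0x0000 T=64 (#3)
Aug  7 19:26:09 fw1 sshd[123]: Accepted publickey for ops from 192.0.2.20
"""

# iptables: an optional bracketed uptime and any --log-prefix text precede the
# key=value fields, so anchor on "IN=" rather than on the prefix.
IPTABLES_RE = re.compile(r"kernel: (?:\[\s*[\d.]+\] )?(?P<prefix>.*?)IN=(?P<rest>.*)$")
KV_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")
# ipchains: "Packet log: <chain> <verdict> <iface> PROTO=<n> <src>:<spt> <dst>:<dpt> ..."
IPCHAINS_RE = re.compile(
    r"Packet log: \S+ (?P<verdict>\S+) \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<spt>\d+) (?P<dst>[\d.]+):(?P<dpt>\d+)"
)
PROTO_NAMES = {"1": "ICMP", "6": "TCP", "17": "UDP"}


def parse_reject(line: str) -> Optional[dict]:
    """Normalise one firewall log line into an event dict, or None if it is not one."""
    m = IPTABLES_RE.search(line)
    if m:
        kv = dict(KV_RE.findall("IN=" + m.group("rest")))
        if "SRC" not in kv or "DST" not in kv:
            return None
        return {"fmt": "iptables", "verdict": m.group("prefix").strip() or None,
                "src": kv["SRC"], "dst": kv["DST"], "proto": kv.get("PROTO"),
                "spt": int(kv["SPT"]) if "SPT" in kv else None,  # ICMP lines carry no ports
                "dpt": int(kv["DPT"]) if "DPT" in kv else None}
    m = IPCHAINS_RE.search(line)
    if m and m.group("verdict") in ("DENY", "REJECT"):  # ignore logged ACCEPTs
        return {"fmt": "ipchains", "verdict": m.group("verdict"),
                "src": m.group("src"), "dst": m.group("dst"),
                "proto": PROTO_NAMES.get(m.group("proto"), m.group("proto")),
                "spt": int(m.group("spt")), "dpt": int(m.group("dpt"))}
    return None


def scan_syslog(text: str) -> list:
    """Return the reject events found in a block of syslog text, in order."""
    return [e for e in (parse_reject(l) for l in text.splitlines()) if e]


if __name__ == "__main__":
    for event in scan_syslog(SAMPLE_SYSLOG):
        print(event)
```

With iptables the verdict is only knowable from the prefix the administrator chose, which is why a changed "--log-prefix" can break a parser that keys on it; keying on "IN=" sidesteps that.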

