Snort mailing list archives
RE: ANNOUNCE: logsnorter v0.2. Merge Linux/BSD/Cisco access-lists into snort
From: "Jason Lewis" <jlewis () packetnexus com>
Date: Wed, 8 Aug 2001 21:23:25 -0400
Kudos on this update. I was wrestling with the old version with the new DB. I really like having the router logs easily accessible in ACID.

jas

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason Haar
Sent: Tuesday, August 07, 2001 7:26 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ANNOUNCE: logsnorter v0.2. Merge Linux/BSD/Cisco access-lists into snort

Logsnorter v0.2

Changes since v0.1:
* Now *ONLY* supports the "new" SQL DB format, i.e. snort-1.7+
* Support for BSD ipf and Linux iptables format

This is the second release of logsnorter for general consumption. This perl script scans syslog messages (typically in real-time), picks up any "reject packet" messages generated by Ciscos or Linux ipfw/ipchains and logs them into your central Snort SQL database. This allows you to "expand" the reach of snort without having to put snort out into weird areas - like in front of your perimeter router/firewall...

Typically invoked for real-time action as:

    logsnorter -T /var/log/syslog

For post-processing (e.g. yesterday's syslog messages), try:

    cat /var/log/syslog.1 | logsnorter -t

There's a perldoc page ("perldoc logsnorter") showing the options - the main one to figure out is the /etc/logsnorter.conf config file.

[This is my first attempt at perldoc - can someone tell me how to stop perldoc wrapping text - it really screwed up the example config file]

The iptables and ipf modules haven't been extensively tested, so please let me know of any problems. Yes, using the "--log-prefix" option may throw off the iptables stuff - let me know.

I'm attaching it to this message, but could someone upload it to www.snort.org for me please?
--
Cheers

Jason Haar
Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
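As an added illustration of the parsing step the announcement describes (this is not logsnorter's own code, which is Perl), the Python below normalises Cisco IOS access-list deny messages and Linux iptables LOG lines, including the --log-prefix case Jason flags as a possible problem, into the fields a firewall-reject row in a Snort-style database would carry. The syslog lines are constructed samples; the Cisco and iptables message layouts are the standard ones those systems emit.

```python
import re

# Constructed sample syslog lines (not taken from the original post): a Cisco
# access-list deny, a plain iptables LOG line, an iptables LOG line written with
# --log-prefix (the case the announcement flags), and an unrelated sshd line.
SAMPLE_LINES = [
    "Aug  8 21:00:01 rtr1 77: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "10.1.2.3(4444) -> 192.0.2.10(23), 1 packet",
    "Aug  8 21:00:02 fw1 kernel: IN=eth0 OUT= SRC=10.1.2.3 DST=192.0.2.10 "
    "LEN=60 PROTO=TCP SPT=5555 DPT=22",
    "Aug  8 21:00:03 fw1 kernel: INPUT-DROP: IN=eth0 OUT= SRC=10.9.9.9 "
    "DST=192.0.2.10 LEN=78 PROTO=UDP SPT=53 DPT=1024",
    "Aug  8 21:00:04 fw1 sshd[12]: Accepted publickey for bob from 10.0.0.5",
]

# Cisco IOS access-list deny for a TCP/UDP packet (IPACCESSLOGP message).
CISCO_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<spt>\d+)\) -> (?P<dst>[\d.]+)\((?P<dpt>\d+)\)"
)

def parse_line(line):
    """Return a normalised record for a deny/reject message, or None."""
    m = CISCO_RE.search(line)
    if m:
        return {"src_type": "cisco", "acl": m["acl"], "proto": m["proto"].lower(),
                "src": m["src"], "dst": m["dst"],
                "spt": int(m["spt"]), "dpt": int(m["dpt"])}
    # iptables LOG target: key=value pairs after "kernel:". Anything between
    # "kernel:" and the first "IN=" is the --log-prefix string, so it is
    # captured as a label instead of breaking the match.
    if "kernel:" in line and "IN=" in line:
        body = line.split("kernel:", 1)[1]
        prefix = body.split("IN=", 1)[0].strip().rstrip(":")
        kv = dict(re.findall(r"(\w+)=(\S*)", body))
        if "SRC" not in kv or "DST" not in kv:
            return None
        return {"src_type": "iptables", "acl": prefix,
                "proto": kv.get("PROTO", "").lower(),
                "src": kv["SRC"], "dst": kv["DST"],
                "spt": int(kv["SPT"]) if "SPT" in kv else None,
                "dpt": int(kv["DPT"]) if "DPT" in kv else None}
    return None

def scan(lines):
    """Filter a syslog stream down to the records that would be loaded."""
    return [rec for rec in map(parse_line, lines) if rec is not None]
```

Feeding the whole syslog through scan() (as the -T/-t invocations do) yields only the three reject records; the sshd line is dropped.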
Current thread:
- ANNOUNCE: logsnorter v0.2. Merge Linux/BSD/Cisco access-lists into snort Jason Haar (Aug 07)
- RE: ANNOUNCE: logsnorter v0.2. Merge Linux/BSD/Cisco access-lists into snort Jason Lewis (Aug 08)