Snort mailing list archives
Re: network output strategies (was: Rotating '-b'logs...)
From: Ben Hughes <ben.hughes () uk easynet net>
Date: Tue, 24 Jul 2001 14:30:33 +0100
On Tue, Jul 24, 2001 at 08:27:01AM -0400, Kiira Triea wrote:
Hmmm... I've been thinking about this too but thought perhaps using perl's IO::Socket modules to write a local client for a UDP connection to the remote server - have snort sensors write to the local client
ssh would probably be too expensive in all honesty, netcat or some perl, I agree.. (:
What would really work well for what I need is to be able to have the server (Socket listener/data receiver) output to different sources depending on Alert directives - I want a database of alerts to cover a large timespan for instance, but I want a binary tcpdump to be triggered by an alert which would be linked by a database key to the triggering alert - so that I can trace through a possible intrusion sequence. I know that the "tag" and "session" directives address this... I just haven't gotten around to setting everything up the way I need it. Yikes I better get some coffee.
coffee is the way, it is sounding XML'ing over the wire to somewhere that sorts out what to do with it... hmm, coffee..

--
Ben Hughes, <ben.hughes [at] uk.easynet.net>

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
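The receiver Kiira sketches (a UDP listener that takes alert text from sensors, stores every alert, and kicks off a packet capture for the ones that warrant it, keyed so the capture can later be joined back to the alert row) is short enough to show end to end. The block below is an added illustration, not code from either poster or from the Snort project, written in Python rather than the Perl IO::Socket approach mentioned above; the alert lines are constructed in the general shape of Snort's one-line text alert output, the regular expression, the `capture_priority` threshold, the `allowed_sensors` check and the 16-hex-character capture key are all choices made here, and the bind address is a placeholder. The capture side only produces the tcpdump filter expression and the key; actually launching the capture and the database write are left as the two print statements in `serve`.

```python
import hashlib
import re
import socket
from dataclasses import dataclass
from typing import Optional

# Constructed sample alerts in the shape of Snort's single-line text output:
#   <timestamp> [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port
SAMPLE_ALERTS = [
    "07/24-14:30:33.000000 [**] [1:100001:1] CONSTRUCTED probe to database port [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:41234 -> 10.0.0.9:1434",
    "07/24-14:30:34.000000 [**] [1:100002:1] CONSTRUCTED shell metacharacters in request [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.7:50000 -> 10.0.0.9:80",
    "07/24-14:30:35.000000 [**] [1:100003:1] CONSTRUCTED ping sweep [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.8 -> 10.0.0.9",
]

# Hypothetical regular expression for the fields we route on; ports are optional (ICMP has none).
ALERT_RE = re.compile(
    r"\[\*\*\]\s*\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s*(?P<msg>.*?)\s*\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\].*?\{(?P<proto>\w+)\}\s*"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s*->\s*(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)
TS_RE = re.compile(r"^(\d\d/\d\d-[\d:.]+)\s")


@dataclass
class Alert:
    ts: str
    gid: int
    sid: int
    rev: int
    msg: str
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_alert(line: str) -> Optional[Alert]:
    """Return an Alert for a well-formed line, None for anything else (never raise on junk input)."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    ts = TS_RE.match(line)
    return Alert(
        ts=ts.group(1) if ts else "unknown",
        gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"], priority=int(m["prio"]), proto=m["proto"],
        src=m["src"], sport=int(m["sport"]) if m["sport"] else None,
        dst=m["dst"], dport=int(m["dport"]) if m["dport"] else None,
    )


def capture_key(alert: Alert) -> str:
    """Deterministic key joining a stored alert row to the capture it triggered (16 hex chars, a choice made here)."""
    material = f"{alert.ts}|{alert.gid}:{alert.sid}|{alert.src}|{alert.dst}"
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def route(alert: Alert, capture_priority: int = 1) -> dict:
    """Every alert becomes a database row; alerts at or above the threshold also request a packet capture.

    Lower Snort priority numbers are more severe, so priority <= capture_priority triggers a capture.
    """
    db_row = {
        "ts": alert.ts, "sid": alert.sid, "msg": alert.msg, "priority": alert.priority,
        "src": alert.src, "dst": alert.dst, "capture_key": None,
    }
    capture = None
    if alert.priority <= capture_priority:
        key = capture_key(alert)
        db_row["capture_key"] = key
        capture = {
            "key": key,
            # Filter expression a tcpdump -w process could be started with; the capture file is named by key.
            "bpf": f"host {alert.src} and host {alert.dst}",
            "filename": f"{key}.pcap",
        }
    return {"db_row": db_row, "capture": capture}


def serve(bind=("127.0.0.1", 5140), allowed_sensors=frozenset({"127.0.0.1"}), max_datagrams=None):
    """UDP receiver: datagrams are unauthenticated, so only accept them from known sensor addresses."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)  # placeholder address; bind to the collector's own interface in practice
    seen = 0
    while max_datagrams is None or seen < max_datagrams:
        data, (peer_ip, _) = sock.recvfrom(65535)
        seen += 1
        if peer_ip not in allowed_sensors:
            continue  # drop spoofed or stray datagrams rather than storing them
        for line in data.decode("utf-8", "replace").splitlines():
            alert = parse_alert(line)
            if alert is None:
                continue
            decision = route(alert)
            print("store:", decision["db_row"])
            if decision["capture"]:
                print("capture:", decision["capture"])


if __name__ == "__main__":
    for sample in SAMPLE_ALERTS:  # offline demonstration on the constructed lines
        parsed = parse_alert(sample)
        print(route(parsed) if parsed else f"unparsed: {sample}")
```

Because the key is derived from the alert's own fields rather than an autoincrement id, a sensor and a collector can independently compute it, and a capture file written on the sensor can be matched to the collector's alert row without a round trip.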