Snort mailing list archives
Snort packet and portscan.log cleanup utility?
From: Ryan Hill <rhill () xypoint com>
Date: Mon, 19 Nov 2001 19:47:35 -0800
Evenin' folks. Long-time listener, not very long time poster here - was wondering if anyone has any cleanup scripts that will scan your /var/log/snort directory and compare IP packet dump directories and portscan entries against a db you specify to scrub datasets for false alarms. Basically, I want to dump every packet directory and portscan entry that doesn't have a matching IP in my db (i.e. IP exists in db, leave alone - no IP exists, dump or archive).

This kind of utility would be immensely helpful, as it's pretty easy to keep my DB clean via the management tools available, but I haven't seen any scripts that will perform raw data scrubbing to get rid of packets and portscan entries you're no longer interested in. I'd write the darn thing myself, except I've got no skillz when it comes to scripting...

P.S. Snort OWNZ! Marty and contributing team have my eternal gratitude for such a great IDS! Where are the new logo t-shirts? I want a t-shirt with the new logo on back and a front that says: "SCORE!" ;)

Thanks in advance,

Ryan Hill, MCSE
IT Ninja
Corporate Information Systems
Telecommunication Systems, Inc. (TCS) - http://www.telecomsys.com
v: 206.792.2276 - f: 206.792.2001
pgp: 0x17CE70AB
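The scrub the post asks for, as an added example that is not part of the original message or of the Snort project. It assumes the Snort 1.x on-disk layout of the time: one subdirectory per alerting IP under the log directory holding the packet dumps, plus a flat portscan.log whose lines read like `Nov 19 19:47:35 10.0.0.5:1234 -> 192.168.1.1:80 SYN ******S*` (that line format is an assumption, as is treating a portscan entry as "matching" when either its source or its destination IP is in the keep set). The keep set stands in for the IPs still present in the poster's database; loading it from the real DB is left out. Nothing is deleted: non-matching directories and lines are moved to an archive directory, and lines the parser cannot classify are kept.

```python
"""Scrub a Snort 1.x log directory against a set of IPs worth keeping.

Added example, not code from the original post or from Snort. Layout and
portscan.log line format are assumptions (see lead-in). Sample data below
is constructed.
"""
import ipaddress
import os
import re
import shutil
import tempfile
from pathlib import Path

# Assumed spp_portscan line: "<Mon> <day> <hh:mm:ss> <src>:<port> -> <dst>:<port> ..."
PORTSCAN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):\d+"
)


def is_ip_dir(name):
    """Snort names packet-dump directories after the alerting IPv4 address."""
    try:
        ipaddress.IPv4Address(name)
        return True
    except ValueError:
        return False


def scrub_packet_dirs(snort_dir, keep, archive_dir):
    """Move every per-IP dump directory whose IP is not in `keep` to archive_dir.

    Returns (kept_ips, archived_ips). Non-IP entries (alert, portscan.log, ...)
    are never touched.
    """
    kept, archived = [], []
    for entry in sorted(Path(snort_dir).iterdir()):
        if not entry.is_dir() or not is_ip_dir(entry.name):
            continue
        if entry.name in keep:
            kept.append(entry.name)
            continue
        dest = Path(archive_dir) / entry.name
        if dest.exists():
            # Repeated runs: merge into the existing archived tree instead of nesting.
            shutil.copytree(entry, dest, dirs_exist_ok=True)
            shutil.rmtree(entry)
        else:
            shutil.move(str(entry), str(dest))
        archived.append(entry.name)
    return kept, archived


def scrub_portscan_log(log_path, keep, archive_path):
    """Keep portscan lines touching an IP in `keep`; append the rest to archive_path.

    Returns (kept_count, dropped_count). Lines that do not parse are kept,
    because a scrubber must never discard what it cannot classify.
    """
    log_path, archive_path = Path(log_path), Path(archive_path)
    kept, dropped = [], []
    for line in log_path.read_text().splitlines(keepends=True):
        m = PORTSCAN_RE.match(line)
        if m is None or m.group("src") in keep or m.group("dst") in keep:
            kept.append(line)
        else:
            dropped.append(line)
    with archive_path.open("a") as fh:
        fh.writelines(dropped)
    tmp = log_path.with_suffix(".tmp")
    tmp.write_text("".join(kept))
    os.replace(tmp, log_path)  # atomic swap; readers never see a half-written file
    return len(kept), len(dropped)


def demo():
    """Build a constructed Snort log tree in a temp dir, scrub it, return a summary."""
    root = Path(tempfile.mkdtemp(prefix="snortscrub-"))
    snort, archive = root / "snort", root / "archive"
    archive.mkdir()
    for ip in ("10.0.0.5", "10.0.0.9", "172.16.4.2"):  # constructed alerting hosts
        (snort / ip).mkdir(parents=True)
        (snort / ip / "TCP:1234-80").write_text("packet dump\n")
    (snort / "alert").write_text("")
    (snort / "portscan.log").write_text(  # constructed sample lines
        "Nov 19 19:47:35 10.0.0.5:1234 -> 192.168.1.1:80 SYN ******S*\n"
        "Nov 19 19:47:36 10.0.0.9:4444 -> 192.168.1.1:22 SYN ******S*\n"
        "Nov 19 19:47:37 192.168.1.7:5555 -> 10.0.0.5:25 SYN ******S*\n"
        "garbage line that does not parse\n"
    )
    keep = {"10.0.0.5"}  # stands in for the IPs still present in the DB
    kept_dirs, archived_dirs = scrub_packet_dirs(snort, keep, archive)
    kept_lines, dropped_lines = scrub_portscan_log(
        snort / "portscan.log", keep, archive / "portscan.log")
    return {
        "kept_dirs": kept_dirs,
        "archived_dirs": archived_dirs,
        "kept_lines": kept_lines,
        "dropped_lines": dropped_lines,
        "archived_paths": sorted(p.name for p in archive.iterdir()),
    }


if __name__ == "__main__":
    print(demo())
```

Two operational caveats: run it against a copy of /var/log/snort first, and stop Snort (or rotate the log) before the portscan.log rewrite, because a running Snort holds the file open and will keep writing to the old inode after the atomic replace. Archiving rather than deleting also means a host that turns out to matter later can still be investigated.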
Current thread:
- Snort packet and portscan.log cleanup utility? Ryan Hill (Nov 19)