can snort decode syslog traffic and feed that traffic into logsnorter

["Raymond Jacob" <jacob_raymond () hotmail com>]

I am a lurker and I appologize in advance.
I was looking through my December 2001
Linux Journal and on page 34 there
are few paragraphs on setting up
a stealth logserver by Lance Spitzner
of the honeynet project(www.honeynet.org).
He suggests:...
 It is not necessary for a central
 logserver... to have an IP address;
 the logserver passively can sniff
 the log messages via snort or
 some other packet sniffer...
 In addition, to configure each
 DMZ host's syslog.conf file to
 log to the bogus IP, you'll also
 need a bougus ARP entry on each
 sending host.

Question: The above makes sense to me.
The only part I was not aware of was
snort's ability to capture syslog
traffic and output that traffic
into a syslog messages file? Has
anyone written a plugin, if that
is the correct word, to do this
already? I would assume that
logsnorter would be able to
convert the cisco and netfilter denials
into snort events.

Again, I appologize in advance if this
question demonstrates my ignorance.
Raymond

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users