Snort mailing list archives

Re: DShield logs from Snort logs?


From: Mark Rowlands <mark.rowlands () minmail net>
Date: Tue, 27 Aug 2002 15:56:12 +0200

On Mon August 26 2002 20:59, Harald Finnaas wrote:
Just wondering if anyone has scripts that can process the Snort logs and
generate the kind of logs DShield wants? From what I've figured out the
DShield Snort scripts read only syslog format?

Regards,
Harald

snort logs in many ways, its mysteries to perform ;-)

All depends on your snort.conf / cmdline options but the portscan and
snort 1.8 alert scripts in the framework client

http://www.dshield.org/framework.html

should mostly work, you may have to do a little hacking about but it is pretty
straightforward.

If you are using ACID then I have a script (ugly) that can pull from that.



