Snort mailing list archives

Re: DShield logs from Snort logs?


From: "Harald Finnaas" <mailings () lantrix no>
Date: Tue, 27 Aug 2002 17:12:31 +0200

All depends on your snort.conf / cmdline options but the portscan and
snort 1.8 alert scripts in the framework client
http://www.dshield.org/framework.html
should mostly work, you may have to do a little hacking about but it is
pretty straightforward.

I really don't know Perl that well. I just pointed the script at the
portscan log, but it didn't recognize the format.

I also tested using syslog, but was unable to get Snort to log to a
different file than the default Redhat "messages" file. I played around with
different facilities in Snort / syslog.conf for a while, but....

If you are using ACID then I have a script (ugly) that can pull from that.

Yes please! :) I'm running ACID so I'd appreciate a copy.

Regards,
Harald




