Snort mailing list archives
Re: DShield logs from Snort logs?
From: "Harald Finnaas" <mailings () lantrix no>
Date: Tue, 27 Aug 2002 17:12:31 +0200
All depends on your snort.conf / cmdline options but the portscan and snort 1.8 alert scripts in the framework client http://www.dshield.org/framework.html should mostly work, you may have to do a little hacking about but it is pretty straightforward.
I really don't know Perl that well. I just pointed the script at the portscan log, but it didn't recognize the format. I also tested using syslog, but was unable to get Snort to log to a different file than the default Redhat "messages" file. I played around with different facilities in Snort / syslog.conf for a while, but....
If you are using ACID then I have a script (ugly) that can pull from that.
Yes please! :) I'm running ACID so I'd appreciate a copy.
Regards,
Harald
Current thread:
- DShield logs from Snort logs? Harald Finnaas (Aug 26)
- Re: DShield logs from Snort logs? Mark Rowlands (Aug 27)
- Re: DShield logs from Snort logs? Harald Finnaas (Aug 27)
- Re: DShield logs from Snort logs? Mark Rowlands (Aug 27)