Snort mailing list archives

Re: RE: Snort/Log report software


From: "tazmaniak tazmaniak" <clyss () hotmail com>
Date: Tue, 05 Nov 2002 17:03:54 +0000


Hello,
Mickael, could you check the URL of Symantec?
RE: [Snort-users] Snort/Log report software
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=3%20&D=159
seems to be Ghost...
Thanks!






----Original Message Follows----
From: snort-users-request () lists sourceforge net
Reply-To: snort-users () lists sourceforge net
To: snort-users () lists sourceforge net
Subject: Snort-users digest, Vol 1 #2458 - 11 msgs
Date: Mon, 04 Nov 2002 09:30:08 -0800

Send Snort-users mailing list submissions to
        snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
        snort-users-request () lists sourceforge net

You can reach the person managing the list at
        snort-users-admin () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


Today's Topics:

   1. RE: e100 promisc mode (Peter Param)
   2. RE: Clean up/Reset Logs (Michael Steele)
   3. RE: Snort/Log report software (Michael Steele)
   4. RE: Snort/Log report software (Michael Steele)
   5. New SnortSam plugins and Mail List (Frank Knobbe)
   6. RE: Snort/Mysql/ACID/MS PWS help (Security Admin)
   7. RE: Question about MSSQL (Robbins, Mark)
   8. Mysql cleanup script? (Nathan Whitehouse)
   9. rule for detecting Raptor denial of service (John McCain)
  10. Logging to Remote Syslog and ACID Console (Parker, Ian)
  11. Re: Logging to Remote Syslog and ACID Console (twig les)

--__--__--

Message: 1
Date: Mon, 04 Nov 2002 08:28:28 +1100
From: "Peter Param" <pparam () stvincents com au>
To: <jack.lyons () martinagency com>
CC: <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] e100 promisc mode

Hey Jack,

Ben Feinstein gave me this URL that provided a driver that worked well
for me:
http://www.intel.com/support/network/adapter/1000/linux/e100.htm

Like yourself I was using the Compaq driver without much success.

cheers

Peter
>>> Jack Lyons <jack.lyons () martinagency com> 11/02/02 00:38 AM >>>
Related issue, I am having problems getting the e100 driver going in
full-duplex.  I have tried editing modules.conf and added options, but it
doesn't seem to work.  It is Red Hat 7.3 on a Compaq server.

Thanks.

-----Original Message-----
From: Peter Param [mailto:pparam () stvincents com au]
Sent: Thursday, October 31, 2002 4:55 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] e100 promisc mode

Hi all,

Recently installed Snort 1.9 on linux 2.4.7-10.  I had to get the latest
e100 driver (2.1.6) from Compaq to get it working on the machine with an
inbuilt NIC.  The card works but not in promisc mode.  Doing a "ifconfig
eth0 promisc" makes it look like it's working in promiscuous mode but
really it isn't.  I confirmed this by running tcpdump alongside
snort...only sees broadcasts.  Another machine (an ibook with ver10) on
the same segment (same hub etc) running tcpdump also, confirms that it
can see all frames.  I'm stumped!...any ideas??

cheers
Peter


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been
virus scanned and although no viruses were detected by the system,
St Vincent's Hospital accepts no liability for any consequential
damage resulting from email containing any computer viruses.

**********************************************************************


-------------------------------------------------------
This sf.net email is sponsored by: Influence the future
of Java(TM) technology. Join the Java Community
Process(SM) (JCP(SM)) program now.
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


This email and its contents may be confidential.  If it is and you are not
the intended recipient, please do not disclose or use the information within
this email or its attachments.  If you have received this email in error,
please delete it immediately.  Thank you.







--__--__--

Message: 2
From: "Michael Steele" <michaels () silicondefense com>
To: "'Florian Huber'" <florian.huber () mnet-online de>
Cc: <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Clean up/Reset Logs
Date: Sun, 3 Nov 2002 14:28:17 -0800

Florian,

Did you stop Snort prior to renaming the files?

Snort will create the files if they are absent. Try stopping snort then
move the files out then restart Snort.

 -Michael

 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Florian
Huber
Sent: Sunday, November 03, 2002 10:13 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Clean up/Reset Logs

Hi,
can anyone tell me how to clean up/reset the snort logs in
/var/log/snort/*?
I tried to rename the alert and the portscan.log file and create new empty
ones, but snort wrote to the renamed files (alert.old).
Is there a good solution? Or do I have to remove the whole directory?

 TIA
    Florian Huber






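Michael's answer is the stop, move, restart sequence; the reason renaming alone fails is that the running daemon keeps its open file descriptors and continues writing into the renamed inode, so Florian's alert.old kept growing. The following is an added example, not a script from the thread or from the Snort project: a POSIX sh rotation helper that does the sequence in that order. The pid-file path and the restart command are assumptions for a typical install.

```shell
#!/bin/sh
# Added example (not from the thread): rotate Snort's alert and portscan.log
# the way the reply describes. Stop the daemon first; renaming the files while
# Snort runs only renames the inode it is still writing to.
# PIDFILE and RESTART_CMD are assumptions, not Snort defaults.

# rotate_snort_logs LOGDIR SUFFIX
# Moves LOGDIR/alert and LOGDIR/portscan.log to NAME.SUFFIX when present and
# prints how many files were rotated. Snort recreates the files on restart.
rotate_snort_logs() {
  logdir="$1"; suffix="$2"; rotated=0
  for name in alert portscan.log; do
    if [ -f "$logdir/$name" ]; then
      mv "$logdir/$name" "$logdir/$name.$suffix" || return 1
      rotated=$((rotated + 1))
    fi
  done
  echo "$rotated"
}

# rotate_and_restart PIDFILE LOGDIR RESTART_CMD
# Stops Snort via its pid file, rotates with a date suffix, then restarts it.
# Example: rotate_and_restart /var/run/snort_eth0.pid /var/log/snort \
#            "/etc/init.d/snortd start"
rotate_and_restart() {
  pidfile="$1"; logdir="$2"; restart_cmd="$3"
  if [ -r "$pidfile" ]; then
    kill "$(cat "$pidfile")" 2>/dev/null
    sleep 2   # give Snort time to flush and close its log files
  fi
  rotate_snort_logs "$logdir" "$(date +%Y%m%d)" >/dev/null || return 1
  sh -c "$restart_cmd"
}
```

Rotated copies keep the date in the name so a later investigation can find the alerts for a given day; removing the whole directory, as Florian considered, throws that history away.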



--__--__--

Message: 3
From: "Michael Steele" <michaels () silicondefense com>
To: <snort-users () lists sourceforge net>
Date: Sun, 3 Nov 2002 14:37:39 -0800
Subject: [Snort-users] RE: Snort/Log report software



 -Michael

 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: Michael Steele [mailto:michaels () silicondefense com]
Sent: Sunday, November 03, 2002 2:37 PM
To: 'Zolla Zimmerman'
Subject: RE: [Snort-users] Snort/Log report software

Zolla,

You can send your logs into Security Focus and they can transform them
into a report for you, and it's free.

http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=159

 -Michael

 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Zolla
Zimmerman
Sent: Friday, November 01, 2002 11:17 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort/Log report software

Hi All,

Is there any Windows-based reporting software available which can create
the report in HTML format? The database will be MySQL on Linux but the
reporting tool must be running on a Windows platform.

Any help or hint will be greatly appreciated.

TIA

Zolla









--__--__--

Message: 4
From: "Michael Steele" <michaels () silicondefense com>
To: <snort-users () lists sourceforge net>
Date: Sun, 3 Nov 2002 14:38:15 -0800
Subject: [Snort-users] RE: Snort/Log report software

Zolla,

You can send your logs into Security Focus and they can transform them
into a report for you, and it's free.

http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=159

 -Michael

 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Zolla
Zimmerman
Sent: Friday, November 01, 2002 11:17 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort/Log report software

Hi All,

Is there any Windows-based reporting software available which can create
the report in HTML format? The database will be MySQL on Linux but the
reporting tool must be running on a Windows platform.

Any help or hint will be greatly appreciated.

TIA

Zolla









--__--__--

Message: 5
From: Frank Knobbe <fknobbe () knobbeits com>
To: snort-users () lists sourceforge net
Cc: snort-announce () lists sourceforge net
Date: 03 Nov 2002 17:40:13 -0600
Subject: [Snort-users] New SnortSam plugins and Mail List




Greetings,

I promise this will be my last post for SnortSam stuff here. I wanted to
let you know that SnortSam has now two mail lists you can subscribe to.
One is an announcement list like snort-announce. The other is a
discussion list like snort-users. Please see
http://www.snortsam.net/maillist.asp for subscription information.

For those who missed it... The Netscreen plugin has finally been released.
Thanks to Christopher Lyon for his assistance.

In addition, we now have an IPFilter plugin. Thanks to Erik Sneep for
writing it.

Furthermore, Thomas Maier started working on a Watchguard plugin. We
should have a working beta together soon.

And no stopping there... someone else is currently looking into a plugin
for the CyberGuard firewall. It looks like SnortSam is evolving into a
Swiss-Army knife for active blocking with Snort...

Regards,
Frank










--__--__--

Message: 6
From: Security Admin <SecurityAdmin () hyprotech com>
To: 'NN C' <d8da () operamail com>
Cc: "'snort-users () lists sourceforge net'"
         <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] Snort/Mysql/ACID/MS PWS help
Date: Sun, 3 Nov 2002 20:10:57 -0700

When using PHP under Windows (IIS or PWS) you need to do ISAPI mappings
under the website. See the install doc under PHP on how to do this. If the
webserver doesn't know what executable to use with a .php extension it will
look like it's working, then it will fail. www.silicondefense.com should
have some good docs on using ACID for this under Windows. I know I had it
running myself, but on Windows 2k server.

-----Original Message-----
From: NN C [mailto:d8da () operamail com]
Sent: Friday, November 01, 2002 5:53 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort/Mysql/ACID/MS PWS help


I know most people do not like Microsoft and the Windows product line,
however, this is what I have to work with to learn.

I have installed:

Win98 SE
WinPcap 3.0.a
snort 1.9.0-win32
mysql 3.23.52
ACID 0.9.6b21
php 4.2.3
adodb 190
phplot 4.4.6
DBTools manager
Microsoft personal Web Server 4.0 for Windows 98
a few plugins...

all on dial-up (currently no NIc installed, but coming...)

I have run several tests of snort to get familiar with snort. After
successfully installing mysql, I ran snort and get output in the database.
QUESTION 1: how do you post process this information to read it before using
ACID?

I tried several things to get ACID going, but no success there. Is there any
information I skipped in google as to how to run ACID and snort and mysql
using the simple MS personal web server? I also downloaded apache for win32,
but before I go installing all this other stuff to play with my snort
results, I want to know I did everything possible with what I already have.

Help please... ( I am quickly becoming a linux baby, but for now it is
easier to learn in windows)

d8da


-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--__--__--

Message: 7
From: "Robbins, Mark" <MRobbins () sf edu>
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Question about MSSQL
Date: Mon, 4 Nov 2002 07:48:03 -0500


Before you update to 1.9.0....
I don't think your problems have to do with an outdated version of the
schema. The errors you mention sound like the ones in the binary of 1.9.0,
and I'm not aware of anyone who has gotten it to work in this fashion
without editing the source and recompiling.

I had no such errors with previous versions. Make sure the binaries are
compiled for MSSQL (and not MySQL as well.)

Mark

-----Original Message-----
From: Erek Adams [mailto:erek () theadamsfamily net]
Sent: Saturday, November 02, 2002 7:21 AM
To: Don
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question about MSSQL


On Sat, 2 Nov 2002, Don wrote:

> I'm getting just tons of errors
> is anyone using this option yet with win2k server and mssql, snort
> build 1.8.6, i used the mssql-create script that came with the build,
> one problem

[...snip...]

One word:  UPDATE

1.9.0 [0] is out and 1.9.1 is coming 'real soon now'.  Some of the errors
that you are having are due to your schema being an older version. You'll
need to update your schema to the current version.  Since you're not using
it yet, I'd suggest blowing away the DB and starting over.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

[0]     http://www.snort.org/dl/binaries/1.9.0/Snort-1.9.0-win32.exe






--__--__--

Message: 8
From: "Nathan Whitehouse" <nwhitehouse () compendiumusa net>
To: <snort-users () lists sourceforge net>
Date: Mon, 4 Nov 2002 09:04:20 -0500
Subject: [Snort-users] Mysql cleanup script?

Does anyone have a MySQL cleanup script?
Something I can run once a week or month to clean out my MySQL database for
snort alerts.

Thanks

Nathan Whitehouse
Network Operations & Systems Administrator
CompEndium Services Inc.
Main 877-709-2667
Local 678-985-5678
Direct 770-822-6697







--__--__--

Message: 9
From: John McCain <jmccain () layer3al com>
To: snort-users () lists sourceforge net
Date: 04 Nov 2002 09:08:57 -0600
Subject: [Snort-users] rule for detecting Raptor denial of service

Does anyone know if a rule exists for the vulnerability discussed here:

http://www.nwfusion.com/news/2002/1016symsec.html

and here:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2002101807105854?OpenDocument&src=ent_hot&dtype=corp&tpre=

Further, does anyone know if Symantec's patch for this vulnerability has
been verified to work?






--__--__--

Message: 10
From: "Parker, Ian" <parker.ian () syncrude com>
To: "'snort-users () lists sourceforge net'"
         <snort-users () lists sourceforge net>
Date: Mon, 4 Nov 2002 09:30:30 -0700
Subject: [Snort-users] Logging to Remote Syslog and ACID Console

Is it possible to send alerts to both a remote Syslog server and a remote
ACID console? I can do one or the other, but if I specify the -s switch in
the command line, it overrides the output plug-in for MySQL in the config
file. The config file does not seem to allow you to specify a remote Syslog
server. I suppose I could set up a local Syslog server and have it forward
stuff to the remote daemon but I'd like to avoid that complication if
possible.

Ian Parker, GCWN

Senior Systems Analyst
Upgrading Plant Computing
Syncrude Canada Ltd

(780)790-4631
parker.ian () syncrude com



--__--__--

Message: 11
Date: Mon, 4 Nov 2002 09:29:48 -0800 (PST)
From: twig les <twigles () yahoo com>
Subject: Re: [Snort-users] Logging to Remote Syslog and ACID Console
To: "Parker, Ian" <parker.ian () syncrude com>,
  "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>

You don't specify the remote syslog server in the
snort.conf file or in the command line.  Lose the -s,
use snort.conf to tell snort to syslog the stuff, then
edit /etc/syslog.conf to use the correct server.


--- "Parker, Ian" <parker.ian () syncrude com> wrote:
> Is it possible to send alerts to both a remote
> Syslog server and a remote
> ACID console? I can do one or the other, but if I
> specify the -s switch in
> the command line, it overrides the output plug-in
> for MySQL in the config
> file. The config file does not seem to allow you to
> specify a remote Syslog
> server. I suppose I could set up a local Syslog
> server and have it forward
> stuff to the remote daemon but I'd like to avoid
> that complication if
> possible.
>
> Ian Parker, GCWN
>
> Senior Systems Analyst
> Upgrading Plant Computing
> Syncrude Canada Ltd
>
> (780)790-4631
> parker.ian () syncrude com
>
>
>
>


=====
-----------------------------------------------------------
Heavy metal made me do it.
-----------------------------------------------------------



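The point of twig les's reply is that the two destinations are configured in different places: both output plug-ins go in snort.conf, the remote syslog host goes in /etc/syslog.conf, and the -s switch has to come off the command line because it replaces the config-file outputs (which is why Ian saw MySQL logging stop). The following is an added example, not configuration from the thread or from the Snort project: it writes a sample pair of config files and adds a check that catches the -s override. Hostnames, credentials, the Snort 1.9 plug-in syntax and the file locations are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): the two-output setup described in the
# reply, plus a check that the command line does not carry -s.
# Host names, DB credentials and paths are placeholders.

# write_sample_configs DIR   writes DIR/snort.conf and DIR/syslog.conf
write_sample_configs() {
  dir="$1"
  cat > "$dir/snort.conf" <<'EOF'
# Snort output plug-ins (assumed Snort 1.9 syntax): alerts go to the local
# syslog daemon AND to the remote ACID database. Do not also pass -s on the
# command line; that switch replaces these plug-ins with syslog only.
output alert_syslog: LOG_AUTH LOG_ALERT
output database: alert, mysql, user=snort password=PLACEHOLDER dbname=snort host=acid-console.example.invalid
EOF
  cat > "$dir/syslog.conf" <<'EOF'
# /etc/syslog.conf on the sensor: forward the facility/level Snort uses to
# the remote syslog server. The remote host is never named in snort.conf.
auth.alert    @loghost.example.invalid
EOF
}

# check_snort_outputs CONF OPTS
# Exit 0 when CONF configures both output plug-ins and OPTS (the daemon's
# command-line options) does not contain -s, which would override them.
check_snort_outputs() {
  conf="$1"; opts="$2"
  grep -q '^output alert_syslog:' "$conf" \
    || { echo "missing alert_syslog output in $conf" >&2; return 1; }
  grep -q '^output database:' "$conf" \
    || { echo "missing database output in $conf" >&2; return 1; }
  case " $opts " in
    *" -s "*) echo "-s on the command line overrides config-file outputs" >&2; return 1 ;;
  esac
  return 0
}

# check_syslog_forwarding SYSLOG_CONF
# Exit 0 when some auth.* selector forwards to a remote host (@host).
check_syslog_forwarding() {
  grep -q '^auth\.[a-z*]*[[:space:]]\{1,\}@' "$1"
}
```

Running `check_snort_outputs /etc/snort/snort.conf "$(ps -o args= -C snort)"` on a live sensor flags the exact mistake from Ian's post; the syslog.conf check confirms that the forwarding rule, rather than Snort, is what names the remote server.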

--__--__--



End of Snort-users Digest




