Snort mailing list archives
RE: RE: arachNIDS, CVE, bugtraq
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Wed, 20 Nov 2002 13:05:21 -0500
IDScenter does not use plugins. Instead, it actively monitors the Snort alert log file (i.e., alert.ids) looking for changes. When Snort updates the alert.ids file, IDScenter notes the change and generates an e-mail notification message, attaching the last 'n' lines of the alert.ids file to the message.

Since I do not have any installed database to support Snort (e.g., MySQL), I use the "-G url" option so that I can quickly click on the hyperlink that appears in the IDScenter e-mail message. Without the "-G url" option, the text in the alert.ids required more "thought" on my part to obtain the alert reference details.

*SUPPOSEDLY* IDScenter can monitor a MySQL Snort database, but w/o an installation of MySQL, I don't know if I'll get the same information in the notification e-mail messages or not.

This is a Win32 installation of Snort. Do you know of any other Win32 based agents for monitoring Snort? Agents that do not require a web server?

- Christopher

-----Original Message-----
From: Andrew R. Baker [mailto:andrewb () snort org]
Sent: Tuesday, November 19, 2002 12:58 PM
To: L. Christopher Luther
Cc: 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] RE: arachNIDS, CVE, bugtraq

L. Christopher Luther wrote:
Hack or not, it's been a useful feature when one is using IDScenter. What, if anything, will "-G" be replaced with???
All of the output plugins should support displaying reference information natively. The "-G" hack is being removed because it was used to change the signature message itself to include reference details before output plugins supported them. What output plugin does IDScenter require?

-A
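The difference discussed in this thread, between rewriting the signature message and resolving references at output time, can be sketched as follows. This is an added example, not code from the thread, Snort or IDScenter: it reads the `reference:` options of a rule and prints them as clickable links beside an unchanged message. The prefix table, the `[Xref => ...]` line layout, the function names and the sample rule are assumptions made for illustration.

```python
import re

# Assumed prefix table, modelled on Snort's "config reference:" settings.
REFERENCE_URLS = {
    "arachnids": "http://www.whitehats.com/info/IDS",
    "bugtraq": "http://www.securityfocus.com/bid/",
    "cve": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=",
    "url": "http://",
}

QUOTED_RE = re.compile(r'"(?:[^"\\]|\\.)*"')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"')
REF_RE = re.compile(r'\breference\s*:\s*([^,;\s]+)\s*,\s*([^;]+?)\s*;')


def parse_rule(rule):
    """Return (msg, [(system, id), ...]) from one rule's option text."""
    m = MSG_RE.search(rule)
    msg = m.group(1) if m else ""
    # Blank out quoted strings so "reference:" inside msg/content is ignored.
    unquoted = QUOTED_RE.sub('""', rule)
    refs = [(s.lower(), i) for s, i in REF_RE.findall(unquoted)]
    return msg, refs


def resolve(refs):
    """Map each reference to a URL; unknown systems stay as raw text."""
    out = []
    for system, ref_id in refs:
        prefix = REFERENCE_URLS.get(system)
        out.append(prefix + ref_id if prefix else f"{system} {ref_id}")
    return out


def format_alert(rule):
    """Message line followed by one cross-reference line per reference."""
    msg, refs = parse_rule(rule)
    return "\n".join([msg] + [f"[Xref => {r}]" for r in resolve(refs)])


# Constructed sample rule; the sid and all reference ids are placeholders.
SAMPLE_RULE = (
    'alert tcp any any -> any 80 (msg:"EXAMPLE probe, see reference:bugtraq,1;"; '
    'reference:arachnids,999; reference:cve,CVE-0000-0000; '
    'reference:url,www.example.com/advisory; reference:localdb,42; sid:1000001;)'
)

if __name__ == "__main__":
    print(format_alert(SAMPLE_RULE))
```

The message text is passed through untouched, and a `reference:` string that appears inside the quoted `msg` is not mistaken for a rule option.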