Snort mailing list archives
[OT] - Mysql logging, iptables, snort and you...
From: "Bob McDowell" <bmcdowell () coxhealthplans com>
Date: Wed, 12 Feb 2003 18:46:15 -0600
In short: If anyone is as crazy as I am and would benefit from my recent breakthrough, send me a note and I'll share with you my findings. Sorry this is not strictly a snort issue, but it is somewhat related.

Long story: I'm currently forwarding my syslogs from all of my snort boxes, firewalls, Windows servers, etc. to a single mysql database. I've been struggling with getting anything useful out of it (a report would be nice) and have been afraid to get some sort of tool because of the disparity between entries in the 'message' field.

This afternoon I finally plodded my way through getting mysql to 'read' the 'message' field out of syslog and split the pertinent data into the correct fields. Iptables works great and tomorrow I'll be adding snort, ISA, etc.

If anyone is interested, please drop me a line and I'll send you the sql script I use to do it (or what I have so far for iptables at least).

Bob McDowell
IS Specialist
Cox HealthPlans, LLC
417.269.2848
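One way to do the kind of split the post describes for iptables LOG lines, as an added example in MySQL; it is not the author's script, which does not appear on this page. The table and column names (`syslog_raw`, `fw_events`) are assumptions and the sample rows are constructed.

```sql
-- Assumed schema: raw syslog rows in, one typed row per firewall event out.
CREATE TABLE syslog_raw (id INT AUTO_INCREMENT PRIMARY KEY, host VARCHAR(64), message TEXT);
CREATE TABLE fw_events (
  raw_id INT PRIMARY KEY, host VARCHAR(64), in_if VARCHAR(16),
  src_ip VARCHAR(45), dst_ip VARCHAR(45), proto VARCHAR(8),
  src_port INT NULL, dst_port INT NULL
);

-- Constructed sample rows: a TCP drop, an ICMP drop (no ports), and a non-iptables line.
INSERT INTO syslog_raw (host, message) VALUES
 ('fw1', 'kernel: FW-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'),
 ('fw1', 'kernel: FW-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.77 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3021 SEQ=1'),
 ('web1', 'sshd[812]: Accepted publickey for deploy from 192.0.2.10 port 50122 ssh2');

-- Pad the message with spaces so every KEY= token is preceded by a space,
-- then cut each value from just after its first ' KEY=' up to the next space.
-- LOCATE() finds the first occurrence, so fields repeated later in the line
-- do not override the packet's own header fields.
INSERT INTO fw_events (raw_id, host, in_if, src_ip, dst_ip, proto, src_port, dst_port)
SELECT id, host, in_if, src_ip, dst_ip, proto,
  -- Ports exist only for TCP/UDP; anything else (e.g. ICMP) stays NULL
  -- instead of picking up an unrelated token or failing the integer cast.
  IF(proto IN ('TCP','UDP') AND LOCATE(' SPT=', m) > 0,
     CAST(SUBSTRING_INDEX(SUBSTRING(m, LOCATE(' SPT=', m) + 5), ' ', 1) AS UNSIGNED), NULL),
  IF(proto IN ('TCP','UDP') AND LOCATE(' DPT=', m) > 0,
     CAST(SUBSTRING_INDEX(SUBSTRING(m, LOCATE(' DPT=', m) + 5), ' ', 1) AS UNSIGNED), NULL)
FROM (
  SELECT id, host, m,
    SUBSTRING_INDEX(SUBSTRING(m, LOCATE(' IN=',    m) + 4), ' ', 1) AS in_if,
    SUBSTRING_INDEX(SUBSTRING(m, LOCATE(' SRC=',   m) + 5), ' ', 1) AS src_ip,
    SUBSTRING_INDEX(SUBSTRING(m, LOCATE(' DST=',   m) + 5), ' ', 1) AS dst_ip,
    SUBSTRING_INDEX(SUBSTRING(m, LOCATE(' PROTO=', m) + 7), ' ', 1) AS proto
  FROM (SELECT id, host, CONCAT(' ', message, ' ') AS m FROM syslog_raw) AS padded
  -- Only rows that carry the iptables field sequence are parsed; the sshd row is skipped.
  WHERE m LIKE '% IN=% SRC=% DST=% PROTO=%'
) AS f;

-- A first report over the split fields: top blocked sources per destination port.
SELECT src_ip, dst_port, COUNT(*) AS hits
FROM fw_events GROUP BY src_ip, dst_port ORDER BY hits DESC;
```

Because `raw_id` is the primary key of `fw_events`, re-running the `INSERT ... SELECT` over rows already parsed fails rather than silently double-counting them.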