Snort mailing list archives

Snort For logging and auditing

From: Ryan Hudson <zrhudson () hotmail com>
Date: Wed, 21 Mar 2012 12:21:17 +1100


Hey all,
I have a mainframe which houses an application 
accessed over telnet, the app is accessed by most of my staff and 
auditing access is extremely poor.  Instead 
of paying a bucket load of cash to modify the system  I am wondering if I
 can use snort to log all of the ascii content to and from the 
mainframe so we can audit access at a later date if required.  Somewhat of a poor mans auditing solution I am hoping to 
figure out a solution which will log the ascii from the tn3270 traffic 
to a DB.   Have done a bit of searching but have had no luck so far.

Your thoughts?

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort For logging and auditing Ryan Hudson (Mar 21)
- Re: Snort For logging and auditing Jeremy Hoel (Mar 21)