Snort mailing list archives
Re: Snort For logging and auditing
From: Jeremy Hoel <jthoel () gmail com>
Date: Wed, 21 Mar 2012 21:10:53 +0000
Well, you can use daemonlogger or cxtracker to do pcap dumps. You could then write a BPF filter to only get that traffic. It could go to pcap and not a DB.

On Wed, Mar 21, 2012 at 1:21 AM, Ryan Hudson <zrhudson () hotmail com> wrote:
Hey all,

I have a mainframe which houses an application accessed over telnet, the app is accessed by most of my staff and auditing access is extremely poor. Instead of paying a bucket load of cash to modify the system I am wondering if I can use snort to log all of the ascii content to and from the mainframe so we can audit access at a later date if required. Somewhat of a poor man's auditing solution.

I am hoping to figure out a solution which will log the ascii from the tn3270 traffic to a DB. Have done a bit of searching but have had no luck so far.

Your thoughts?

------------------------------------------------------------------------------
This SF email is sponsored by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
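One way to turn the pcap files suggested in the reply into audit records, as an added example that is not part of the original thread: it reads a capture offline and keeps only TCP payloads to or from the mainframe's telnet port, the same selection a capture filter such as `host 192.0.2.10 and tcp port 23` makes. The function names, the 192.0.2.x addresses and the sample packets are constructed for illustration. Because tn3270 screens are EBCDIC-encoded, the `cp037` code page is an assumption about the host, and 3270 orders and telnet negotiation bytes will show up as dots or stray characters.

```python
import socket
import struct

def telnet_audit_records(pcap, host, port=23, codec="ascii"):
    """Return (epoch, src, dst, text) per TCP payload to or from host:port."""
    # Classic little-endian pcap with Ethernet link type and IPv4 only.
    magic, *_, linktype = struct.unpack("<IHHiIII", pcap[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian Ethernet pcap")
    records, off = [], 24
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack("<IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # truncated, not IPv4, or not TCP
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
        if len(tcp) < 20:
            continue
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        sport, dport = struct.unpack("!HH", tcp[:4])
        if (src, sport) != (host, port) and (dst, dport) != (host, port):
            continue  # not the mainframe's telnet service
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:  # skip bare ACKs and handshake segments
            text = payload.decode(codec, errors="replace")
            text = "".join(c if c.isprintable() else "." for c in text)
            records.append((ts, f"{src}:{sport}", f"{dst}:{dport}", text))
    return records

def _frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums left as zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_sample_pcap():
    """Constructed capture: two tn3270-style packets plus unrelated HTTP."""
    frames = [_frame("192.0.2.50", "192.0.2.10", 40000, 23, "LOGON USER01".encode("cp037")),
              _frame("192.0.2.10", "192.0.2.50", 23, 40000, "READY".encode("cp037")),
              _frame("192.0.2.50", "192.0.2.99", 40001, 80, b"GET / HTTP/1.0\r\n")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000000000 + i, 0, len(f), len(f)) + f
    return out
```

Calling `telnet_audit_records(build_sample_pcap(), "192.0.2.10", codec="cp037")` returns the two telnet records and drops the HTTP packet; each record can be written to a flat file or inserted into a database keyed on timestamp and client address.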