Snort mailing list archives

Snort + iptables


From: Bradley M Alexander <storm () tux org>
Date: Sat, 21 Jul 2001 21:31:40 -0400

Hi gang,

Given a home user's situation (or at least this particular home user's
situation), I have a single point to the outside world, a Linux firewall
running 2.4.5 and iptables.

I am currently on cablemodem (but when I move, it's to dialup country). It's
not really feasible for me, especially on a dialup, to place a Snort sensor
on the outside of the firewall.

I know that Alexander Newald has written Snort2IPTables, but I am less
interested in an automated response than I am in capturing packets in my
snort db. Is there a way to assimilate iptables logs into the Snort
database? I use gShield and a very restrictive ruleset, and I would like to
also see the things that iptables/gShield is dropping. Is there a way to do
this?

N.B. Jim, beat ya to the punch. :)

Thanks,
-- 
--Brad
============================================================================
Bradley M. Alexander, CISSP              |   Co-Chairman,
Beowulf System Admin/Security Specialist |    NoVALUG/DCLUG Security SIG
Debian/GNU Linux Developer               |   storm () debian org
                                         |   storm () tux org
============================================================================
The enemy invariably attacks on two occasions:
     a. when you're ready for them.
     b. when you're not ready for them.
                                                --Murphy's Laws of Combat
