Re: Snort and ARIS Extractor

[Demetri Mouratis <dmourati () cm math uiuc edu>]

I found this site the other day and registered with them as well.  I
uploaded my /var/log/snort/alert file to them and was able to check my
logs via the web site.  If you are logging only to mysql, you may need to
change your snort.conf to add an entry for regular (non-database) logging.
The snort faq coveres logging to multiple places.  Hope this helps.  

On Wed, 24 Oct 2001, Mike Walter wrote:

> Hello,
>       I am sure someone has covered this, but I can't seem to find it.  I downloaded and registered with ARIS so I 
> could upload my logs.  I am logging to mySQL, and thought I could just use the portscan.log with the ARIS extractor.  
> This does not seem to be the case.  How do I log snort to mySQL and to the proper file format so I could run the ARIS 
> extractor?  Thanks in advance.
>
> Mike Walter,
> 3z.net a PCD Company,
> PCD Network Solutions, Inc,
> "When Success the Only Solution  t h i n K  3z.net"
> www.pcdnet.net
> www.3z.net
>
>
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list

---------------------------------------------------------------------
Demetri Mouratis
dmourati () linfactory com


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users