Re: upgraded some tools (snortplot)

[Angelos Karageorgiou <angelos () invan gr>]

On Thu, 25 Oct 2001, Martin Roesch wrote:

> Date: Thu, 25 Oct 2001 09:37:11 -0400
> From: Martin Roesch <roesch () sourcefire com>
> To: angelos () iqs gr
> Cc: snort-list <snort-users () lists sourceforge net>
> Subject: Re: [Snort-users] upgraded some tools (snortplot)
>
> Angelos Karageorgiou wrote:
> > I have been trying to make heads and tails of the new logging scheme,
> >  which is totally unclean btw, and came up with the 3rd version of
> > snortlog3.pl
> > and a brand new rewrite for snortplot.
>
> Which logging scheme is unclean?  DB?  Unified?  Syslog?  What??

oh you have gone so far :-) 

Well the syslog version is really tough to apply a regex onto it 
to normalize the output, Expect that some of the scripts will be broken

It is not so much a snort problem more like a problem of the people who 
write the rules, they do not have a consistent logging scheme for the
errors they display. So sometimes you have warings in square brackets
other times two warnings in square brackets etc.

Oh well we cannot keep everybody satisfied.

> Cool stuff Angelos!

Thanks Marty, are you folks planning to create a NIDS box much like 
the people at NFR did ? You know, plug it in, let it churn 
get the logs an process them , it could sell well as a device!



-- 
Angelos Karageorgiou  CTO IQS SA


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users