Snort mailing list archives
NIDS newbie question
From: "Concordio M. Pajayat, Jr." <conpaj () pilnet com>
Date: Sun, 12 May 2002 20:14:59 +0800 (PHT)
hi all!

i'm a newbie in NIDS, so sorry if this question has already been asked. i successfully installed snort together with barnyard. i am using the unified log output on snort and barnyard successfully converted it to readable format, however, the ip addresses on the alert logfile generated by barnyard were in reversed format. see below:

------------------------------------------------------------------------
05/10/02-10:54:26.660798 {ICMP} 11.0.168.192 -> 11.0.0.10
[**] [1:376:4] ICMP PING Microsoft Windows [**]
[Classification: Misc activity] [Priority: 3]
[Xref => http://www.whitehats.com/info/IDS159]
------------------------------------------------------------------------

how do i force either snort or barnyard to log those ip addresses in correct format? i am also running a perl script (guardian) that collects ip addresses on the alert logfile for dynamic blocking of offending ip address on our firewall.

any inputs or suggestions would be appreciated.

tia

concordio m. pajayat, jr.
open source technology enthusiast
pilipino internet, inc.
conpaj at PILNET dot COM
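An added example, not part of the original post and not code from Snort, Barnyard or Guardian: a Python filter that could sit between the alert file and a blocking script, so that reversed addresses are corrected before anything is blocked. It assumes the addresses are logged with their octets in reverse order, as the sample alert suggests, and that HOME_NETS (a hypothetical setting) lists the monitored networks; a line is rewritten only when neither address is in HOME_NETS as logged but at least one is after reversal.

```python
import ipaddress
import re

# Assumption: the monitored networks (hypothetical setting, adjust to the site).
HOME_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# First line of the alert quoted in the post above.
SAMPLE = "05/10/02-10:54:26.660798 {ICMP} 11.0.168.192 -> 11.0.0.10"

# Matches "src -> dst", with an optional :port on each side.
ADDR_PAIR = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?P<sport>:\d+)?"
    r" -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?P<dport>:\d+)?"
)

def swap_octets(ip):
    """Reverse the octet order of a dotted-quad IPv4 string."""
    return ".".join(reversed(ip.split(".")))

def in_home(ip):
    """True if ip is inside one of HOME_NETS; raises ValueError if invalid."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOME_NETS)

def normalize_alert(line):
    """Return (line, swapped); swapped is True when the addresses were reversed."""
    m = ADDR_PAIR.search(line)
    if not m:
        return line, False
    src, dst = m.group("src"), m.group("dst")
    try:
        # An address already inside HOME_NETS means the line is logged correctly.
        if in_home(src) or in_home(dst):
            return line, False
        rsrc, rdst = swap_octets(src), swap_octets(dst)
        # Reversal must bring an endpoint into HOME_NETS, else leave the line alone.
        if not (in_home(rsrc) or in_home(rdst)):
            return line, False
    except ValueError:
        return line, False  # not a valid IPv4 address, do not guess
    fixed = "{}{} -> {}{}".format(
        rsrc, m.group("sport") or "", rdst, m.group("dport") or "")
    return line[:m.start()] + fixed + line[m.end():], True
```

The check is a heuristic: a reversed address that still falls inside HOME_NETS (for example one that begins and ends with 10) is indistinguishable from a correct one, so lines it leaves unchanged are not proof that the log is in the right order.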