NIDS newbie question

["Concordio M. Pajayat, Jr." <conpaj () pilnet com>]

hi all!

i'm a newbie in NIDS, so sorry if this question have already been asked. i
successfully installed snort together with barnyard.
i am using the unified log ouput on snort and barnyard successfully
converted it to readable format, however, the ip addresses on the alert
logfile generated by barnyard were in reversed format. see below:
------------------------------------------------------------------------
05/10/02-10:54:26.660798  {ICMP} 11.0.168.192 -> 11.0.0.10
[**] [1:376:4] ICMP PING Microsoft Windows [**]
[Classification: Misc activity] [Priority: 3]
[Xref => http://www.whitehats.com/info/IDS159]
------------------------------------------------------------------------

how do i forced either snort or barnyard to log those ip addresses in
correct format? i am also running a perl script (guardian) that collects
ip addresses on the alert logfile for dynamic blocking of offending ip
address on our firewall.
any inputs or suggestions would be appreciated.

tia

concordio m. pajayat, jr.
open source technology enthusiast
pilipino internet, inc.
conpaj at PILNET dot COM

[  Sent through PILNET WebMail System - http://webmail.pilnet.com/  ]
[  "Go beyond the quest for information!"  -  http://www.pilnet.com/   ]



_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users