Snort mailing list archives

iplog


From: "Dan Mahoney, System Admin" <danm () prime gushi org>
Date: Tue, 13 Aug 2002 14:04:44 -0400 (EDT)

Hi all.  It seems to me that since iplog can both listen promiscuously on
an interface like snort can and that since it specializes in detection of
things snort is NOT good at (i.e. stateful detections like portscans,
pingfloods, smurfs, etc), that there should be some way to use iplog as
(A) either a preprocessor of sorts or (B) There should be a way to use
logsnorter to suck in the logs from iplog.

I don't see logsnorter around anymore, I can't find it.  But is there some
way to accomplish this, and have them BOTH show up in ACID?

-Dan

--

"Don't try to out-weird me.  I get stranger things than you free with my
breakfast cereal."

-Button seen at I-CON XVII (and subsequently purchased)

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Web: http://prime.gushi.org
finger danm () prime gushi org
for pgp public key and tel#
---------------------------



