Snort mailing list archives

Re: XML Log parsers


From: "Sleepy" <sleepy () maximumunix org>
Date: Thu, 21 Nov 2002 05:58:47 -0800

Hi,
This is good.
    thanks
First I have some queries.
1. From where is it picking up alerts --- syslog or
MySQL? If from syslog then convert it into MySQL.
    No, this is not from syslog, this is from the XML logs generated by
    snort (in the logging section down in the snort.conf file).
    I can change it to connect to MySQL and get the data just like ACID,
    except that I'd rather finish the XML format first. Maybe I'll do the MySQL
    next release.
    Does anyone know of a Win32 ACID-like application?

2. Can it be made in such a way so that it can show
the alerts with the summary attached so that the user
comes to know about it?
    I don't understand what you mean by "summary"? I am parsing the log file.
    If you are talking about the alerts file and portscans then the answer is I
    don't know yet.

3. Can it send email alerts if some specific alert is
generated?
    No, but someone is supposed to open the log and be looking at it. If you
    guys think you should right-click on an event and send it through email then
    tell me and I'll work on it.


Thanks and Regards,

Atul Shrivastava


--- Sleepy <sleepy () maximumunix org> wrote:
Yes, I have a screenshot, go to

http://www.maximumunix.org/images/ScreenShotSnort.jpg

The only part left from the Grid is converting the References to URLs,
should be pretty easy.
It is fairly simple to make this project the next ACID, I just wanna know if
people would like to have such a win32 utility, please send all your
comments, thoughts and flame :-)

Cheers

----- Original Message -----
From: "Jacob Redding" <dextor () wiredgeek com>
To: "Sleepy" <sleepy () maximumunix org>
Cc: <snort-users () lists sourceforge net>
Sent: Wednesday, November 20, 2002 7:52 PM
Subject: Re: [Snort-users] XML Log parsers


  Do you have any examples of the output it produces? (screenshots, sample
web page).

-Jacob

On Wed, 20 Nov 2002, Sleepy wrote:

Hello everyone:

My first post on the snort mailing list. Great tools, thanks to everyone
who made it happen.
I was curious if there are parsers or log viewers for XML logs produced by
snort? If the xml output format is popular? If people would like to have
such a tool if it doesn't already exist?

I wrote such a thing, it is still in the works, I am planning on continuing
developing it if people need such a thing. It is Win32 based but can be
easily ported to linux (Borland is my DE).

I appreciate any and all feedback.

Thanks

sleepy

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====

Regards and have a nice day,

                           Atul Shrivastava
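As an added example for this thread (not code from Sleepy's viewer, from Atul's mail, or from the Snort project), the Python below sketches the two pieces discussed above: reading events out of a Snort XML log and converting a rule's References into URLs so the grid can show them as links. The reference table follows the "config reference: <system> <url-prefix>" line format of Snort's reference.config, but the lines in it, the XML element and attribute names (event, signature, iphdr, reference) and the sample log are all constructed here for illustration; Snort's real XML output schema differs, so the element names would need to be adjusted to the actual log.

```python
"""Resolve Snort rule references to URLs for events in an XML alert log.

Added example, not code from this thread or from Snort. The XML layout is
constructed and is NOT Snort's actual schema; the reference table follows the
'config reference: <system> <url-prefix>' format of reference.config, with
the entries themselves constructed here.
"""
import xml.etree.ElementTree as ET

# Constructed excerpt in the line format of Snort's reference.config.
REFERENCE_CONFIG = """\
# system    url prefix   (the reference id from the rule is appended)
config reference: bugtraq   http://www.securityfocus.com/bid/
config reference: cve       http://cve.mitre.org/cgi-bin/cvename.cgi?name=
config reference: arachNIDS http://www.whitehats.com/info/IDS
config reference: url       http://
"""

# Constructed sample log; element and attribute names are assumptions.
SAMPLE_XML = """<snort_log>
  <event>
    <signature sid="1234" rev="2">WEB-MISC example probe</signature>
    <timestamp>2002-11-20 19:52:01</timestamp>
    <iphdr saddr="10.0.0.5" daddr="10.0.0.9" proto="6"/>
    <reference system="bugtraq" id="1234"/>
    <reference system="CVE" id="CVE-2002-0001"/>
  </event>
  <event>
    <signature sid="5678" rev="1">SCAN example sweep</signature>
    <timestamp>2002-11-20 19:53:07</timestamp>
    <iphdr saddr="10.0.0.7" daddr="10.0.0.9" proto="1"/>
    <reference system="nessus" id="10000"/>
  </event>
</snort_log>
"""


def parse_reference_config(text):
    """Return {system (lower-cased): url_prefix} from reference.config text.

    Snort matches reference system names case-insensitively, so the table is
    keyed on the lower-cased name. Malformed lines are skipped, not guessed.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("config reference:"):
            continue  # comment, blank or unrelated config line
        parts = line[len("config reference:"):].split()
        if len(parts) != 2:
            continue
        system, prefix = parts
        table[system.lower()] = prefix
    return table


def reference_to_url(ref, table):
    """Turn a rule reference such as 'cve,CVE-2002-0001' into a URL.

    Returns None for an unknown system or malformed reference, so the viewer
    never renders a link built from an unrecognised prefix.
    """
    system, sep, ident = ref.partition(",")
    system, ident = system.strip(), ident.strip()
    if not sep or not ident:
        return None
    prefix = table.get(system.lower())
    return None if prefix is None else prefix + ident


def parse_events(xml_text, table):
    """Parse the (constructed) XML log into dicts with references resolved.

    Alert logs carry attacker-influenced payload data, so a real viewer should
    parse them with defusedxml (no DTDs, no entity expansion); the stdlib
    parser is used here only to keep the example self-contained.
    """
    events = []
    for ev in ET.fromstring(xml_text).iter("event"):
        sig = ev.find("signature")
        ip = ev.find("iphdr")
        refs = ["%s,%s" % (r.get("system", ""), r.get("id", ""))
                for r in ev.findall("reference")]
        events.append({
            "sid": sig.get("sid") if sig is not None else None,
            "msg": (sig.text or "").strip() if sig is not None else "",
            "src": ip.get("saddr") if ip is not None else None,
            "dst": ip.get("daddr") if ip is not None else None,
            "references": refs,
            "urls": [u for u in (reference_to_url(r, table) for r in refs) if u],
        })
    return events


if __name__ == "__main__":
    refs = parse_reference_config(REFERENCE_CONFIG)
    for e in parse_events(SAMPLE_XML, refs):
        print(e["sid"], e["msg"], e["src"], "->", e["dst"], e["urls"])
```

Unknown reference systems (nessus in the sample, which the constructed table deliberately lacks) resolve to nothing rather than to a half-built link, which is the behaviour you want before a viewer turns log data into something a user clicks on.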