Snort mailing list archives

May be slightly off topic but...


From: "Taylor, Graham" <GrahamTaylor () michaelpage com>
Date: Mon, 21 Oct 2002 14:46:45 +0100

People,
        I am using Snort and ACID. I am trying to sort the alerts for a
particular IP address by the sensor and alert number. Below is a selection of
the alerts:

#50-(7-10290)  (60)Unknown Sig Name  2002-10-21 11:05:52  194.235.194.178:4607  172.16.100.10:80      TCP
#51-(7-10291)  (60)Unknown Sig Name  2002-10-21 11:05:52  194.235.194.178:4608  172.16.100.10:80      TCP
#52-(7-10288)  (60)Unknown Sig Name  2002-10-21 11:05:52  194.235.194.178:4606  172.16.100.10:80      TCP
#53-(7-10289)  (60)Unknown Sig Name  2002-10-21 11:05:52  172.16.100.10:80      194.235.194.178:4606  TCP
#54-(7-10287)  WEB-CGI GIF89a        2002-10-21 11:05:52  194.235.194.178:4603  172.16.100.10:80      TCP



The number I wish to sort on is the (7-102xx). I was hoping that one of you
guys more used to using Snort/ACID could give me an idea as to how to do
this :)


Thanks
 

Graham Taylor

Business Continuity & Security
Michael Page International
39-41 Parker Street
London WC2B 5LN
Tel:    +44 020 7269 2378
Fax:    +44 020 7405 4230
Mobile: +44 787 041 2479
mailto:graham () michaelpage com
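
Added example (not part of the original message and not ACID's own code): a Python parser for a listing like the one in the post, which filters on one IP address and sorts on the pair in parentheses as two integers, so that 7-9999 comes before 7-10287 and sensor 12 comes after sensor 7. It assumes the pair is sensor ID and event number, as the post describes; the last three rows and all function names are constructed for this example.

```python
import re

# First five rows: the listing from the post, still wrapped as mailed.
# Last three rows are constructed to exercise the ordering and the IP filter.
LISTING = """\
#50-(7-10290)        (60)Unknown Sig Name        2002-10-21 11:05:52
194.235.194.178:4607        172.16.100.10:80        TCP
#51-(7-10291)        (60)Unknown Sig Name        2002-10-21 11:05:52
194.235.194.178:4608        172.16.100.10:80        TCP
#52-(7-10288)        (60)Unknown Sig Name        2002-10-21 11:05:52
194.235.194.178:4606        172.16.100.10:80        TCP
#53-(7-10289)        (60)Unknown Sig Name        2002-10-21 11:05:52
172.16.100.10:80        194.235.194.178:4606        TCP
#54-(7-10287)        WEB-CGI GIF89a        2002-10-21 11:05:52
194.235.194.178:4603        172.16.100.10:80        TCP
#55-(7-9999)  WEB-CGI GIF89a  2002-10-21 10:58:01  194.235.194.178:4590  172.16.100.10:80  TCP
#56-(12-15)  WEB-CGI GIF89a  2002-10-21 11:06:10  194.235.194.178:4611  172.16.100.10:80  TCP
#57-(7-10292)  WEB-CGI GIF89a  2002-10-21 11:06:12  192.0.2.44:3301  172.16.100.10:80  TCP
"""

ROW = re.compile(
    r"#(?P<row>\d+)-\((?P<sid>\d+)-(?P<cid>\d+)\) (?P<sig>.+?) "
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<src>\S+) (?P<dst>\S+) (?P<proto>\S+)"
)

def parse_alerts(text):
    """Parse listing rows; tolerate rows wrapped over two lines."""
    flat = " ".join(text.split())  # undo wrapping, collapse column padding
    alerts = []
    for m in ROW.finditer(flat):
        a = m.groupdict()
        a["sid"], a["cid"] = int(a["sid"]), int(a["cid"])  # numeric, not text
        alerts.append(a)
    return alerts

def alerts_for_ip(alerts, ip):
    """Keep alerts where ip is the source or the destination host."""
    return [a for a in alerts
            if ip in (a["src"].rsplit(":", 1)[0], a["dst"].rsplit(":", 1)[0])]

def sort_by_event_id(alerts):
    """Order by (sensor ID, event number) compared as integers."""
    return sorted(alerts, key=lambda a: (a["sid"], a["cid"]))

if __name__ == "__main__":
    for a in sort_by_event_id(alerts_for_ip(parse_alerts(LISTING), "194.235.194.178")):
        print(f'({a["sid"]}-{a["cid"]})  {a["sig"]}  {a["ts"]}  {a["src"]} -> {a["dst"]}')
```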
