Snort mailing list archives

[OT] - Mysql logging, iptables, snort and you...


From: "Bob McDowell" <bmcdowell () coxhealthplans com>
Date: Wed, 12 Feb 2003 18:46:15 -0600


In short:  If anyone is as crazy as I am and would benefit from my recent
breakthrough, send me a note and I'll share with you my findings.  Sorry
this is not strictly a snort issue, but it is somewhat related.

Long story:  I'm currently forwarding my syslogs from all of my snort boxes,
firewalls, Windows servers, etc. to a single mysql database.  I've been
struggling with getting anything useful out of it (a report would be nice)
and have been afraid to get some sort of tool because of the disparity
between entries in the 'message' field.  This afternoon I finally plodded my
way through getting mysql to 'read' the 'message' field out of syslog and
split the pertinent data into the correct fields.  Iptables works great and
tomorrow I'll be adding snort, ISA, etc.

If anyone is interested, please drop me a line and I'll send you the sql
script I use to do it (or what I have so far for iptables at least).



Bob McDowell
IS Specialist
Cox HealthPlans, LLC
417.269.2848
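
An added example of the approach described in the message above, splitting the iptables `KEY=value` pairs out of the syslog 'message' field inside MySQL. This is not Bob's script, which is not reproduced on this page; the table names, column names and the `ipt_field` helper are assumptions, and the log lines are constructed.

```sql
-- Constructed sample data; all table, column and function names are hypothetical.
CREATE TABLE syslog_raw (id INT AUTO_INCREMENT PRIMARY KEY, host VARCHAR(64),
                         logged_at DATETIME, message TEXT);
INSERT INTO syslog_raw (host, logged_at, message) VALUES
 ('fw1', '2003-02-12 18:40:01', 'kernel: FW-DROP: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'),
 ('fw1', '2003-02-12 18:40:07', 'kernel: FW-DROP: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.77 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5120 SEQ=1'),
 ('web1', '2003-02-12 18:41:00', 'sshd[812]: Failed password for root from 192.0.2.10 port 44400 ssh2');

-- Return the value of the FIRST " KEY=" token in an iptables LOG line.
-- NULL when the key is absent (ICMP has no SPT/DPT) or empty ("OUT= ").
-- Taking the first match ignores the inner packet that iptables appends
-- in [brackets] to ICMP error entries.
CREATE FUNCTION ipt_field(msg TEXT, k VARCHAR(16)) RETURNS VARCHAR(64) DETERMINISTIC
RETURN IF(LOCATE(CONCAT(' ', k, '='), msg) = 0, NULL,
  NULLIF(LEFT(SUBSTRING_INDEX(
    SUBSTRING(msg, LOCATE(CONCAT(' ', k, '='), msg) + CHAR_LENGTH(k) + 2),
    ' ', 1), 64), ''));

CREATE TABLE fw_events (
  raw_id INT PRIMARY KEY, host VARCHAR(64), logged_at DATETIME,
  in_if VARCHAR(16), out_if VARCHAR(16), src VARCHAR(45), dst VARCHAR(45),
  proto VARCHAR(8), spt SMALLINT UNSIGNED, dpt SMALLINT UNSIGNED
);

-- Only rows that look like iptables LOG output are split; the sshd line
-- stays in syslog_raw untouched.
INSERT INTO fw_events
SELECT id, host, logged_at,
       ipt_field(message, 'IN'),  ipt_field(message, 'OUT'),
       ipt_field(message, 'SRC'), ipt_field(message, 'DST'),
       ipt_field(message, 'PROTO'),
       CAST(ipt_field(message, 'SPT') AS UNSIGNED),
       CAST(ipt_field(message, 'DPT') AS UNSIGNED)
FROM syslog_raw
WHERE message LIKE '% IN=%' AND message LIKE '% SRC=%' AND message LIKE '% PROTO=%';

-- A first report: which sources hit which destination ports most often.
SELECT src, proto, dpt, COUNT(*) AS hits
FROM fw_events
GROUP BY src, proto, dpt
ORDER BY hits DESC;
```

Because rows are keyed on `raw_id`, re-running the `INSERT` against an already processed range fails on the primary key rather than duplicating events; add a `WHERE id > last processed id` filter for incremental runs.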

