Snort mailing list archives
Re: What do you with scan alerts
From: "Charles Darwin" <darwin () netmadeira com>
Date: Fri, 21 Feb 2003 06:07:19 -0000
There are mainly two: SecurityFocus and Dshield. I'm currently sending mine to DeepSight Analyzer ( http://analyzer.securityfocus.com/ ). In fact it's their "Extractor" that does that on a scheduled basis. They have a very useful notify tool, among other stuff, that you can use to notify ISPs about the incidents at your site, and they support Snort log format.

I would like to send the logs also to Dshield, but I still don't know how to format them easily in order to send them there. If nothing more appears maybe I'll make some VB application to do this format automatically, using the Dshield specifications, but I'm short on time currently. :-\

Here is the Perl script to do this: http://www1.dshield.org/clients/dshield_snort.pl

Dshield web site: http://www.dshield.org
and Dshield specifications for the format: http://www.dshield.org/specs.html

DShield now also has the option to fight back attackers from your logs.

Hope this helps.

Best regards,
Paulo Santos Perneta <pperneta () netmadeira com>