Snort mailing list archives

Snort/Logsnorter/PureSecure Cisco ACL's


From: Dave Lewis <dlewis () dsl-co com>
Date: Thu, 13 Nov 2003 23:42:13 -0500

Has anyone had any experience with Cisco Access Lists and Snort's LogSnorter?

I've been trying and all I'm having is problems.

Every time I run the log snorter it comes back with

logsnorter: Error line 1. Cisco error line 1: doesn't match known type: Nov 12
00:11:03 c4700 3062: *Nov 12 00:09:21 EST: %SEC-6-IPACCESSLOGP: list 185 denied
tcp XX.XX.XXX.XXX(52076) -> YY.YY.YYY.YYY(135), 2 packets

(obviously the XX and YY would normally be IPs)

and it does this for every line. Suggestions?

I'm a little bit of a newbie to snort ... but my config for the logsnorter has
this..


$db_server = 'localhost';
$db_database = 'IDS';
$db_usercode = 'USER';
$db_password = 'XXXXXXXXXX';

$DB_TYPE="mysql";

$cisco_interface['c4700',185]="Ethernet0";



where the interface that my access list is on is eth0 and
the access list is 185.  c4700 I assumed as the name
that shows in the router's log files.  ???


Suggestions would be much appreciated..


Dave
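
As an added illustration (not part of the original post and not LogSnorter's own code), this Python sketch splits the %SEC-6-IPACCESSLOGP line from the error above into its fields. The IP addresses are constructed documentation addresses, and `INTERFACES` is a hypothetical lookup that only mirrors the `$cisco_interface` line in the posted config.

```python
import re

# Field layout of a syslog-relayed Cisco IOS ACL log message (%SEC-6-IPACCESSLOGP).
ACL_LOG = re.compile(
    r"^(?P<syslog_ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) "  # stamp added by the syslog server
    r"(?P<host>\S+) "                                     # name the router logs under
    r"(?:(?P<seq>\d+): )?"                                # optional message sequence number
    # Router's own clock; a leading * or . marks a clock that is not synchronised.
    r"(?P<router_ts>[*.]?\w{3} \d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?(?: [A-Za-z]+)?): "
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<packets>\d+) packets?$"
)

# Hypothetical lookup mirroring $cisco_interface['c4700',185]="Ethernet0" from the post.
INTERFACES = {("c4700", "185"): "Ethernet0"}


def parse_acl_log(raw):
    """Return the fields of one ACL log message as a dict, or None for other message types."""
    line = " ".join(raw.split())  # undo mail wrapping and a space-padded day of month
    m = ACL_LOG.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "packets"):
        rec[key] = int(rec[key])
    # None when the (host, list) pair has no entry in the lookup.
    rec["interface"] = INTERFACES.get((rec["host"], rec["acl"]))
    return rec


# Constructed sample: the line from the post, wrapped as in the mail, with
# documentation addresses in place of the masked XX/YY values.
SAMPLE = """Nov 12 00:11:03 c4700 3062: *Nov 12 00:09:21 EST: %SEC-6-IPACCESSLOGP: list 185 denied
tcp 192.0.2.10(52076) -> 198.51.100.20(135), 2 packets"""

if __name__ == "__main__":
    for field, value in parse_acl_log(SAMPLE).items():
        print(f"{field:10} {value}")
```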
        



