Snort mailing list archives
Snort/Logsnorter/PureSecure Cisco ACL's
From: Dave Lewis <dlewis () dsl-co com>
Date: Thu, 13 Nov 2003 23:42:13 -0500
Has anyone had any experience with Cisco Access Lists and Snort's LogSnorter. I've been trying and all I'm having is problems. Everytime I run the log snorter it comes back with logsnorter: Error line 1. Cisco error line 1: doesn't match known type: Nov 12 00:11:03 c4700 3062: *Nov 12 00:09:21 EST: %SEC-6-IPACCESSLOGP: list 185 denied tcp XX.XX.XXX.XXX(52076) -> YY.YY.YYY.YYY(135), 2 packets (obviously the XX and YY would normally be ip's) and does this for every line.. suggestions ? I'm a little bit of a newbie to snort ... but my config for the logsnorter has this.. $db_server = 'localhost'; $db_database = 'IDS'; $db_usercode = 'USER'; $db_password = 'XXXXXXXXXX'; $DB_TYPE="mysql"; $cisco_interface['c4700',185]="Ethernet0"; where the interface that my access list is on is eth0 and the access lists is 185. c4700 I assumed as the name that shows in the routers logs files. ??? Suggestions would be much appreciated.. Dave ------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort/Logsnorter/PureSecure Cisco ACL's Dave Lewis (Nov 13)
- <Possible follow-ups>
- Re: Snort/Logsnorter/PureSecure Cisco ACL's Michael Scheidell (Nov 17)
- Re: Snort/Logsnorter/PureSecure Cisco ACL's Dave Lewis (Nov 21)