Snort mailing list archives
Looking for those who use LogSnorter
From: "Michael Shirk" <shirkdog_linux () hotmail com>
Date: Thu, 11 Mar 2004 12:28:40 -0500
Linux Kernel 2.6.3 Monolithic, Mysql 4.0.17, Acid 0.9.6b23, Snort 2.1.1, iptables 1.2.8 and IPKUNGFU 0.5.1 (which generated the rules), with Logsnorter 0.2.

I was following a howto provided by SANS.org. What I noticed is that nothing was being imported into the probes database, as I had called it. I changed my already working snort to input into this new database and used acid to view it. The permissions for mysql check out and I saw alerts in the database.

Back to the logsnorter script, I noticed that there is some code missing in the iptables subroutine. Even though I used IPKUNGFU for my initial rule generation, this problem would affect anyone who used a log prefix to add a comment to the syslog messages. Messing around, I got the script to parse my syslog messages; however, it only outputted them to STDOUT and not to the database. The only info I have seen on logsnorter was how someone had someone else fix the subroutine to work with IP tables. I will continue to work on it and see if anyone can point me in the right direction to input the Firewall logs into acid.
Thanks, Michael Shirk http://www.shirkdog.us
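The log-prefix problem the post describes, illustrated with an added Python example that is not LogSnorter's own code: any text between `kernel:` and the first `IN=` token is treated as the `--log-prefix` comment, so prefixed and unprefixed iptables syslog lines yield the same fields for loading into a database. The sample lines and the `FW-DROP:` prefix text are constructed, and the field names are the ones the kernel's own packet log emits.

```python
import re

# Constructed sample syslog lines (not real traffic): one with a --log-prefix
# comment, one without, and one non-iptables kernel-unrelated line.
SAMPLE_LOG = """\
Mar 11 12:28:40 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=4321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 11 12:28:41 fw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.1.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Mar 11 12:28:42 fw sshd[123]: Accepted publickey for admin from 10.0.0.7
"""

# Classic syslog header followed by the kernel tag; everything after it is the
# iptables message, possibly starting with a user-supplied prefix.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: (?P<rest>.*)$"
)


def parse_iptables_line(line):
    """Return a dict of fields for one iptables log line, or None if the line
    is not a kernel packet log. Text before the first IN= token is kept as
    the prefix instead of breaking the KEY=VALUE parse."""
    m = SYSLOG_RE.match(line.rstrip())
    if not m:
        return None
    rest = m.group("rest")
    idx = rest.find("IN=")
    if idx < 0:
        return None  # a kernel message, but not a packet log
    fields = {
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "prefix": rest[:idx].strip(),
        "flags": [],
    }
    for tok in rest[idx:].split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            # ICMP lines reuse ID= for the echo identifier; keep the IP header one
            fields.setdefault(key, val)
        else:
            fields["flags"].append(tok)  # bare tokens such as DF, SYN, ACK
    return fields


def parse_log(text):
    """Parse a whole syslog excerpt, skipping lines that are not iptables logs."""
    return [r for r in (parse_iptables_line(l) for l in text.splitlines()) if r]
```

The returned dicts are what a loader would map onto the database columns; a prefix that contains `IN=` itself would still confuse this parser, so such prefixes are best avoided when configuring the LOG target.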