Snort mailing list archives

Looking for those who use LogSnorter


From: "Michael Shirk" <shirkdog_linux () hotmail com>
Date: Thu, 11 Mar 2004 12:28:40 -0500

Linux Kernel 2.6.3 Monolithic
Mysql 4.0.17
Acid 0.9.6b23
Snort 2.1.1
iptables 1.2.8 and IPKUNGFU 0.5.1 that generated the rules
with Logsnorter 0.2

I was following a howto provided by SANS.org. What I noticed is that nothing was being imported into the probes database, as I had called it. I changed my already working snort to input into this new database and used acid to view it. The permissions for mysql check out and I saw alerts in the database. Back to the logsnorter script, I noticed that there is some code missing in the iptables subroutine. Even though I used IPKUNGFU for my initial rule generation, this problem would affect anyone who used a log prefix to add a comment to the syslog messages. Messing around, I got the script to parse my syslog messages; however, it only output them to STDOUT and not the database. The only info I have seen on logsnorter was how someone had someone else fix the subroutine to work with iptables. I will continue to work on it and see if anyone can point me in the right direction to input the firewall logs into acid.

Thanks,
Michael Shirk

http://www.shirkdog.us
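The parsing problem the post describes, handled in an added example that is not LogSnorter's code and not part of the original message: a parser for iptables LOG lines that treats any --log-prefix text as optional and writes the parsed rows into a database table instead of only printing them. The sample lines, the prefix string and the fw_log table layout are constructed for the example; syslog lines carry no year, so the caller supplies one.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample syslog lines (not from the post): the first has no
# --log-prefix, the second carries a made-up prefix string, the third is
# not an iptables LOG line at all and must be skipped.
SAMPLE_LINES = [
    "Mar 11 12:28:40 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12345 DF PROTO=TCP SPT=43210 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Mar 11 12:28:41 fw kernel: IPKUNGFU DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=2 PROTO=UDP SPT=5353 DPT=53 LEN=24",
    "Mar 11 12:28:42 fw sshd[123]: Accepted publickey for admin from 203.0.113.7",
]

# Whatever text sits between "kernel: " and the first IN= token is the
# prefix; making that group optional lets prefixed and unprefixed lines
# parse identically.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[ *\d+\.\d+\] )?(?P<prefix>.*?) *(?P<fields>\bIN=.*)$"
)

def parse_iptables_line(line, year=2004):
    """Return a row dict for one iptables LOG line, or None if it is not one."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    fields, flags = {}, []
    for tok in m.group("fields").split():
        key, sep, val = tok.partition("=")
        if sep:
            fields.setdefault(key, val)  # first wins: IP LEN= before UDP LEN=
        else:
            flags.append(tok)            # bare tokens such as DF, SYN, ACK
    return {
        "ts": datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"),
        "host": m.group("host"),
        "prefix": m.group("prefix").strip(": ") or None,
        "src": fields.get("SRC"), "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "spt": int(fields["SPT"]) if "SPT" in fields else None,
        "dpt": int(fields["DPT"]) if "DPT" in fields else None,
        "flags": " ".join(flags),
    }

def load_lines(lines, db_path=":memory:"):
    """Insert every parseable line into an fw_log table; return the connection."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS fw_log (ts TEXT, host TEXT, prefix TEXT, "
                 "src TEXT, dst TEXT, proto TEXT, spt INTEGER, dpt INTEGER, flags TEXT)")
    rows = [r for r in map(parse_iptables_line, lines) if r]
    conn.executemany("INSERT INTO fw_log VALUES (:ts,:host,:prefix,:src,:dst,:proto,:spt,:dpt,:flags)",
                     [{**r, "ts": r["ts"].isoformat()} for r in rows])
    conn.commit()
    return conn
```

Running `load_lines(SAMPLE_LINES)` stores the two firewall lines and skips the sshd line; the prefix column is NULL for the unprefixed line and "IPKUNGFU DROP" for the other.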
