Snort mailing list archives
Re: IDMEF plugin for snort 2.6?
From: "(infor) urko zurutuza" <uzurutuza () eps mondragon edu>
Date: Mon, 23 Jul 2007 08:42:53 +0200
You could also log your alarms to Prelude-ids, which relies precisely on IDMEF.

Urko
-----Original Message-----
From: snort-users-bounces () lists sourceforge net [mailto:snort-users-bounces () lists sourceforge net] On behalf of Justin Heath
Sent: Sunday, 22 July 2007 23:23
To: Jochen Kaiser
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] IDMEF plugin for snort 2.6?

I don't know of anything up to date. However, if I had to do something similar I would use the unified OR unified2 output and create the idmef message from there.

Cheers,
Justin

On 7/22/07, Jochen Kaiser <Jochen.Kaiser () rrze uni-erlangen de> wrote:
Hi,

I need IDMEF output from snort for a research project. Since the IDMEF plugin is a diff against 2.4.4, my question: is there another plugin or method available from anyone?

Maybe there is an IDMEF proxy which gets a stream of events and generates IDMEF messages? I would like a direct IDMEF output from snort. At the moment I query the ACID-SQL-database for certain events and generate an IDMEF message.

Any ideas, hints?

regards,
JK
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
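Justin's suggestion in the quoted message (read the unified2 output and build the IDMEF message from it) worked through as an added example. This is not code from the thread, from Snort or from Prelude. It assumes the legacy unified2 IDS event record layout (record type 7, a 52-byte big-endian body), a hypothetical analyzer id "snort-sensor-1", a priority-to-severity mapping chosen here, and a constructed event record in place of a real unified2 spool file. It also handles the case a spool reader hits in practice: a trailing record that Snort has not finished writing yet.

```python
#!/usr/bin/env python3
"""Convert Snort unified2 IDS event records to IDMEF (RFC 4765) alerts.

Added example for this thread, not code from Snort, Prelude or any poster.
Assumes the legacy unified2 IDS event layout (type 7, 52-byte big-endian
body), a hypothetical analyzer id, and a constructed record (no real spool).
"""
import socket
import struct
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

IDMEF_NS = "http://iana.org/idmef"
ET.register_namespace("idmef", IDMEF_NS)
UNIFIED2_IDS_EVENT = 7                 # legacy IPv4 IDS event record type
RECORD_HEADER = struct.Struct("!II")   # record type, record length
IDS_EVENT = struct.Struct("!IIIIIIIIIIIHHBBBB")   # 52-byte body, network order
FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
          "signature_id", "generator_id", "signature_revision",
          "classification_id", "priority_id", "ip_source", "ip_destination",
          "sport_itype", "dport_icode", "protocol", "impact_flag", "impact",
          "blocked")
SEVERITY = {1: "high", 2: "medium", 3: "low"}   # assumed Snort priority map


def iter_records(data):
    """Yield (type, body) for each complete record. A truncated tail record
    (Snort still appending to the spool file) is left for the next read."""
    off = 0
    while off + RECORD_HEADER.size <= len(data):
        rtype, length = RECORD_HEADER.unpack_from(data, off)
        off += RECORD_HEADER.size
        if off + length > len(data):
            break
        yield rtype, data[off:off + length]
        off += length


def parse_ids_event(body):
    """Decode a type-7 body into a dict, with addresses as dotted quads."""
    ev = dict(zip(FIELDS, IDS_EVENT.unpack_from(body)))
    for key in ("ip_source", "ip_destination"):
        ev[key] = socket.inet_ntoa(struct.pack("!I", ev[key]))
    return ev


def event_to_idmef(ev, analyzerid="snort-sensor-1"):
    """Build an idmef:IDMEF-Message element for one decoded event."""
    def el(parent, tag, value=None, **attrs):
        node = ET.SubElement(parent, "{%s}%s" % (IDMEF_NS, tag), attrs)
        node.text = value
        return node

    msg = ET.Element("{%s}IDMEF-Message" % IDMEF_NS, {"version": "1.0"})
    alert = el(msg, "Alert", messageid="%d-%d" % (ev["sensor_id"], ev["event_id"]))
    el(alert, "Analyzer", analyzerid=analyzerid, manufacturer="Snort")
    when = datetime.fromtimestamp(ev["event_second"], timezone.utc).replace(
        microsecond=ev["event_microsecond"])
    # ntpstamp is "0x<seconds since 1900>.0x<32-bit fraction>" (RFC 4765)
    ntp = "0x%08x.0x%08x" % (ev["event_second"] + 2208988800,
                             ev["event_microsecond"] * 2**32 // 1000000)
    el(alert, "CreateTime", when.isoformat(), ntpstamp=ntp)
    el(alert, "DetectTime", when.isoformat(), ntpstamp=ntp)
    for tag, addr, port in (("Source", ev["ip_source"], ev["sport_itype"]),
                            ("Target", ev["ip_destination"], ev["dport_icode"])):
        end = el(alert, tag)
        el(el(el(end, "Node"), "Address", category="ipv4-addr"), "address", addr)
        svc = el(end, "Service")
        el(svc, "port", str(port))
        el(svc, "iana_protocol_number", str(ev["protocol"]))
    el(alert, "Classification", text="Snort %d:%d:%d" % (
        ev["generator_id"], ev["signature_id"], ev["signature_revision"]))
    el(el(alert, "Assessment"), "Impact",
       severity=SEVERITY.get(ev["priority_id"], "info"))
    for meaning in ("signature_id", "generator_id", "priority_id"):
        el(el(alert, "AdditionalData", type="integer", meaning=meaning),
           "integer", str(ev[meaning]))
    return msg


def unified2_to_idmef(data, analyzerid="snort-sensor-1"):
    """Return one IDMEF XML document string per IDS event record in data."""
    docs = []
    for rtype, body in iter_records(data):
        if rtype == UNIFIED2_IDS_EVENT and len(body) >= IDS_EVENT.size:
            tree = event_to_idmef(parse_ids_event(body), analyzerid)
            docs.append(ET.tostring(tree, encoding="unicode"))
    return docs


def build_sample_record(**overrides):
    """Constructed type-7 record for offline use (not a real capture)."""
    ev = dict(sensor_id=1, event_id=42, event_second=1185137377,
              event_microsecond=250000, signature_id=1000001, generator_id=1,
              signature_revision=3, classification_id=0, priority_id=1,
              ip_source=struct.unpack("!I", socket.inet_aton("192.0.2.10"))[0],
              ip_destination=struct.unpack("!I", socket.inet_aton("198.51.100.5"))[0],
              sport_itype=44321, dport_icode=80, protocol=6, impact_flag=0,
              impact=0, blocked=0)
    ev.update(overrides)
    body = IDS_EVENT.pack(*(ev[f] for f in FIELDS))
    return RECORD_HEADER.pack(UNIFIED2_IDS_EVENT, len(body)) + body


if __name__ == "__main__":
    # One complete event followed by a truncated packet record (type 2),
    # as seen when reading a spool file Snort is still appending to.
    spool = build_sample_record() + RECORD_HEADER.pack(2, 16) + b"\x00" * 4
    for doc in unified2_to_idmef(spool):
        print(doc)
```

Against a real sensor you would replace `build_sample_record()` with the bytes of a `snort.log.<timestamp>` spool file written by `output unified2:`, and remember the offset of the last complete record between reads so a partially written tail is picked up once Snort finishes it. Packet records (type 2) are skipped here; if the consumer wants payload, they can be attached as IDMEF AdditionalData of type byte-string.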
Current thread:
- IDMEF plugin for snort 2.6? Jochen Kaiser (Jul 22)
- Re: IDMEF plugin for snort 2.6? Justin Heath (Jul 22)
- Re: IDMEF plugin for snort 2.6? (infor) urko zurutuza (Jul 23)
- Re: IDMEF plugin for snort 2.6? Justin Heath (Jul 22)