[Dshield] Are these log lines right?

Johannes B. Ullrich jullrich at euclidian.com
Wed Aug 8 14:44:17 GMT 2001


> 2001-08-07 14:27:33 -04:00	99184672	1	0	0	0	50	24.116.83.4:3752

This does not look right. The source/target IP and port are missing.
Make sure you use the right Snort parser for the type of log you are
parsing. Snort uses a variety of different output formats (syslog, full,
portscan, XML ...)

-- 
-------
jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System




