[Dshield] Are these log lines right?

Johannes B. Ullrich jullrich at euclidian.com
Wed Aug 8 14:44:17 GMT 2001

> 2001-08-07 14:27:33 -04:00	99184672	1	0	0	0	50

This does not look right. The source/target IP and port are missing.
Make sure you use the right Snort parser for the type of log you are
parsing. Snort uses a variety of different output formats (syslog, full,
portscan, XML ...).

jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System
