[Dshield] Are these log lines right?
Johannes B. Ullrich
jullrich at euclidian.com
Wed Aug 8 14:44:17 GMT 2001
> 2001-08-07 14:27:33 -04:00 99184672 1 0 0 0 50 18.104.22.168:3752
This does not look right. The source/target IP and port are missing.
Make sure you use the right Snort parser for the type of log you are
parsing. Snort uses a variety of different output formats (syslog, full,
portscan, XML ...).
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System