[Dshield] test of dshield_snort.pl gives nothing

Kenneth McKinlay kmckinlay at home.com
Thu Aug 9 01:00:59 GMT 2001


Johannes et al.,

If you want, I am willing to look at the dshield_snort.pl routine and 
attempt to get it to handle both the fast and the full log formats.

At the office I have access to both Snort 1.7 and 1.8 formats and I 
can easily set it up to gather a lot of traffic from my internal 
network so I have a good sample for processing.

Also, I sort of want to start using Snort to handle the feed to 
Dshield so this is a good reason to ignore the users and do something 
worthwhile. :-)

Ken McKinlay, GCIA
Ottawa, Canada


From:           	"Johannes B. Ullrich" <jullrich at euclidian.com>
To:             	<dshield at dshield.org>
Subject:        	RE: [Dshield] test of dshield_snort.pl gives nothing
Send reply to:  	dshield at dshield.org
Date sent:      	Wed, 8 Aug 2001 17:40:25 -0400 (EDT)

> 
> Could one of you please send me a quick log sample so I can do some
> debugging here?
> 
> 
> On Wed, 8 Aug 2001, Eric Rosander wrote:
> 
> > I just decided to test this out for myself and got the same results.
> >  The email has the correct submission Subject line, etc., but the
> > email body is completely blank.  No data.  It may not be reading the
> > 1.8p1 alerts correctly?  Unfortunately I am not a Perl expert, just
> > a leech.  Anyone else want to take a stab at it?
> >
> > Eric Rosander
> > erosander at matrixns.com
> >
> > -----Original Message-----
> > From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On Behalf Of Matt Harrell
> > Sent: Tuesday, August 07, 2001 11:09 AM
> > To: dshield at dshield.org
> > Subject: [Dshield] test of dshield_snort.pl gives nothing
> >
> >
> > I'm finally getting around to setting up the Dshield script for
> > Snort on my Linux security box.  When I do a test run, sending the
> > e-mail to myself, I get the correct subject line, but there's
> > nothing else--just a blank body and no attachment.  I have it
> > pointing at the right log file, and it creates the copy of the log,
> > but I get nothing in the e-mail. What should I be getting in the
> > e-mail?  Thanks.
> >
> > Matt Harrell
> > Plexus Systems
> > mhar at plex-sys.com
> >
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www1.dshield.org/mailman/listinfo/dshield
> >
> 
> -- 
> -------
> jullrich at sans.org                    Join http://www.DShield.org
>                                    Distributed Intrusion Detection
>                                    System
> 




