[Dshield] snort_18_syslog.pl

Peter Borner peter at borner.org.uk
Thu Nov 1 19:05:56 GMT 2001


Johannes,

I'm happy to help test. I've got about 30K alerts in my file... mostly
Nimda and Code Red but there are quite a few others (55 unique types I
think). As soon as you give me the script I'll run it over whichever
file you want... I've got alerts logged to snort's alert file, the
syslog and MySql.

Peter

-----Original Message-----
From: Johannes B. Ullrich [mailto:jullrich at euclidian.com]
Sent: 01 November 2001 17:27
To: dshield at dshield.org
Subject: RE: [Dshield] snort_18_syslog.pl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> make these clients work. IMHO if Dshield is going to work as a concept
> then the clients need to be fixed so that all alerts are logged
> accurately.

Yes. This is something I will focus on. I promised to fix the snort
clients first and am currently working on this. I need a couple of
volunteers that would like to assist in testing. If possible, you
should have some time during the next few days for a quick turnaround
(I send you a version, you install it and send me back what it did/did not
do).

Perl experience not required. Snort 1.8 required.

The main problem I am having is to get a good sample of the various output
formats snort is currently supporting. Some of them do not seem to be suitable
for dshield, as the information is too limited. But most of them are ok.


Thanks!

- --
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE74YXoVOIizK5pIDMRAtVzAJ9hWCqqIkEGQjKyxBf2v9dNeQ8KaACfcanl
Dny86T/L2qWPilXfj5g3B2M=
=B0xk
-----END PGP SIGNATURE-----

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield