[Dshield] snort_18_syslog.pl

Sue Young smy at gcmlp.com
Thu Nov 1 22:06:44 GMT 2001

I'd test it.  I'm new to DShield but I have Snort 1.8 running.
I'm a Linux newbie with no Perl experience but other programming
experience so I should be able to deal with it.

Do I ever have Code Red and Nimda in my Snort logs!

Sue Young

-----Original Message-----
From: Johannes B. Ullrich [mailto:jullrich at euclidian.com]
Sent: Thursday, November 01, 2001 11:27 AM
To: dshield at dshield.org
Subject: RE: [Dshield] snort_18_syslog.pl

> make these clients work. IMHO if Dshield is going to work as a concept
> then the clients need to be fixed so that all alerts are logged
> accurately.

Yes. This is something I will focus on. I promised to fix the Snort
clients first and am currently working on this. I need a couple of
volunteers that would like to assist in testing. If possible, you
should have some time during the next few days for a quick turnaround
(I send you a version, you install it and send me back what it did/not 

Perl experience not required. Snort 1.8 required.

The main problem I am having is to get a good sample of the various output
formats Snort is currently supporting. Some of them do not seem to be suitable
for DShield, as the information is too limited. But most of them are OK.


--
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

