[Dshield] snort_18_syslog.pl

Sue Young smy at gcmlp.com
Thu Nov 1 22:06:44 GMT 2001


I'd test it.  I'm new to DShield but I have Snort 1.8 running.
I'm a Linux newbie with no Perl experience but other programming
experience, so I should be able to deal with it.

Do I ever have Code Red and Nimda in my Snort logs!

Sue Young

-----Original Message-----
From: Johannes B. Ullrich [mailto:jullrich at euclidian.com]
Sent: Thursday, November 01, 2001 11:27 AM
To: dshield at dshield.org
Subject: RE: [Dshield] snort_18_syslog.pl



> make these clients work. IMHO if Dshield is going to work as a concept
> then the clients need to be fixed so that all alerts are logged
> accurately.

Yes. This is something I will focus on. I promised to fix the Snort
clients first and am currently working on this. I need a couple of
volunteers who would like to assist in testing. If possible, you
should have some time during the next few days for a quick turnaround
(I send you a version, you install it and send me back what it did/did
not do).

Perl experience not required. Snort 1.8 required.

The main problem I am having is getting a good sample of the various output
formats Snort currently supports. Some of them do not seem to be suitable
for DShield, as the information is too limited. But most of them are OK.


Thanks!

-- 
-------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

