smy at gcmlp.com
Thu Nov 1 22:06:44 GMT 2001
I'd test it. I'm new to dshield but I have Snort 1.8 running.
I'm a linux newbie with no perl experience but other programming
experience so I should be able to deal with it.
Do I ever have code red and nimda in my snort logs!
From: Johannes B. Ullrich [mailto:jullrich at euclidian.com]
Sent: Thursday, November 01, 2001 11:27 AM
To: dshield at dshield.org
Subject: RE: [Dshield] snort_18_syslog.pl
> make these clients work. IMHO if Dshield is going to work as a concept
> then the clients need to be fixed so that all alerts are logged
Yes. This is something I will focus on. I promised to fix the snort
clients first and am currently working on this. I need a couple of
volunteers that would like to assist in testing. If possible, you
should have some time during the next few days for a quick turnaround
(I send you a version, you install it and send me back what it did/not
Perl experience not required. Snort 1.8 required.
The main problem I am having is to get a good sample of the various output
formats snort is currently supporting. Some of them do not seem to be suitable
for dshield, as the information is too limited. But most of them are ok.
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System