[Dshield] snort_18_syslog.pl

Peter Borner peter at borner.org.uk
Thu Oct 18 20:05:20 GMT 2001


I am attempting to get snort_18_syslog.pl to work. I am not sure which
log file to point the program at. Do I point it at my syslog file or my
snort alert file?
I've tried both and each time I run the program it skips over all the
lines in the file and tells me that the temp file is empty so it will
not send an email. I have thousands of Nimda and Code Red alerts in my
log files and a few portscans etc. I would have thought that it would trigger
on at least one of the alerts. Am I under a total misunderstanding about
how to use the script?

Any help would be greatly appreciated. I've taken a look at the Perl
code but my knowledge of Perl is rather rudimentary to say the least!

TIA

Peter Borner