[Dshield] snort_18_syslog.pl

Peter Borner peter at borner.org.uk
Mon Oct 29 20:39:41 GMT 2001


Johannes,

Have you made any progress with this yet?

Thanks,

Peter

-----Original Message-----
From: Johannes B. Ullrich [mailto:jullrich at euclidian.com]
Sent: 18 October 2001 22:34
To: Dshield (E-mail)
Subject: Re: [Dshield] snort_18_syslog.pl

> I am attempting to get snort_18_syslog.pl to work. I am not sure which
> log file to point the program at. Do I point it at my syslog file or my
> snort alert file?

I will spend some time over the next few days sorting out the various
snort log formats. I will focus on 1.8 (as I use it myself, and it is now
the preferred version) and see if I can come up with a parser that
recognizes the various formats.

Snort has a wide range of formats. I think we have parsers and scripts for
most of them, but they are not always clearly labeled...




--
-------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System
