[Dshield] snort_18_syslog.pl

Eric Rosander erosander at matrixns.com
Tue Oct 30 06:40:59 GMT 2001


Actually, he put the new script up on dshield.org the day you asked
about it. Try downloading it again, it should work.

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On
Behalf Of Peter Borner
Sent: Monday, October 29, 2001 12:40 PM
To: dshield at dshield.org
Subject: RE: [Dshield] snort_18_syslog.pl


Johannes,

Have you made any progress with this yet?

Thanks,

Peter

-----Original Message-----
From: Johannes B. Ullrich [mailto:jullrich at euclidian.com]
Sent: 18 October 2001 22:34
To: Dshield (E-mail)
Subject: Re: [Dshield] snort_18_syslog.pl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> I am attempting to get snort_18_syslog.pl to work. I am not sure which

> log file to point the program at. Do I point it at my syslog file or
my
> snort alert file?

I will spent some time over the next few days sorting out the various
snort log formats. I will focus on 1.8 (as I use it myself, and it is
now the prefered version) and see if I can come up with a parser that
recognizes the various formats.

Snort has a wide range of formats. I think we have parsers and scripts
for most of them, but they are not always clearly labled...




- --
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7z0rfVOIizK5pIDMRAkA0AJ9Yl5BKdS6ucPQCXmXaYcXDZbrSgwCffg9A
jBafMPQkXNcTzDK5bXzowP0=
=pN31
-----END PGP SIGNATURE-----

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list