erosander at matrixns.com
Tue Oct 30 06:40:59 GMT 2001
Actually, he put the new script up on dshield.org the day you asked
about it. Try downloading it again, it should work.
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On
Behalf Of Peter Borner
Sent: Monday, October 29, 2001 12:40 PM
To: dshield at dshield.org
Subject: RE: [Dshield] snort_18_syslog.pl
Have you made any progress with this yet?
From: Johannes B. Ullrich [mailto:jullrich at euclidian.com]
Sent: 18 October 2001 22:34
To: Dshield (E-mail)
Subject: Re: [Dshield] snort_18_syslog.pl
> I am attempting to get snort_18_syslog.pl to work. I am not sure which
> log file to point the program at. Do I point it at my syslog file or
> snort alert file?
I will spend some time over the next few days sorting out the various
snort log formats. I will focus on 1.8 (as I use it myself, and it is
now the preferred version) and see if I can come up with a parser that
recognizes the various formats.
Snort has a wide range of formats. I think we have parsers and scripts
for most of them, but they are not always clearly labeled...
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System