[Dshield] snort_18_syslog.pl

Clint Byrum cbyrum at erp.com
Tue Oct 30 17:28:41 GMT 2001


I've written one for pgsql. Since this is Perl and its "DB Independent" 
layer, it should be easy to modify so it works with MySQL. I've attached 
it to this message.

It's GPL'd, and I don't have any more time to work on it at this point, 
so please enjoy. I stopped when I realized that DShield might not want 
every alert I have in my DB, as some are quite erroneous. So it probably 
needs some work before it can be made "production".

Peter Borner wrote:

>John,
>
>Thanks for the reply. I've tried pointing at the various files with
>varying results. The problem seems to be that most of the alerts are
>skipped because the parser doesn't recognise the format of the entries.
>I also log to a MySQL database. I've got approx 30K alerts logged. The
>snort_18_syslog.pl sees less than 1% of the alerts. Maybe it would be
>easier to write a script to pull the alerts out of the database and
>submit them to Dshield?
>
>Peter
>
<snip>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dshield-sql.pl
Url: http://www.dshield.org/pipermail/list/attachments/20011030/52a04ae8/dshield-sql.pl

