[Dshield] linux client (linksys router) and snort

Conner, Jim jconner at uslec.com
Mon Nov 18 16:13:57 GMT 2002


No...not necessarily.

I want a dshield client that is capable, instead of requiring reading alerts
from the alerts file reads them from the mysql db.  I currently use Demarc
as my front end.

Now, the binary logging is an option as long as the dshield client can read
the binary output (I haven't read yet where it would be capable of doing
so).

Of course, the reason for my using the mysql db is to save on disk space
since ascii is hdd intensive.

I appreciate everybody's responses.

---------------------------------------------------------------
Jim Conner           | AMA & Traffic Systems Analyst
USLEC of NC          | Security Steering Committee
6801 Morrison Blvd   | Unix Systems Development - Perl
Charlotte, NC 28211  | wk: 704.319.1222 pgr: 877.317.2448
jconner at uslec.com    | txt: 8773172448 at archwireless.net 

|-----Original Message-----
|From: Alberto Gonzalez [mailto:ag-dshield at cerebro.violating.us]
|Sent: Saturday, November 16, 2002 4:30 PM
|To: list at dshield.org
|Subject: Re: [Dshield] linux client (linksys router) and snort
|
|
|Let's see if I interpreted this correctly: you want a client so you can 
|view your alerts that you're logging to MySQL??
|Check out ACID (Analysis Console for Intrusion Detection) from 
|http://www.cert.org/kb/acid/ . Now if you're just
|writing alerts to disk, I suggest checking out unified logging and/or 
|binary logging.
|
|Hope that Helps
|
|    - Albert
|
|jcoe wrote:
|
|>Has anyone written a client for linux that is able to read 
|the snort app
|>logs logging to a MySQL database?
|>
|>I use MySQL to save on hdd space.  I don't know the snort 
|table that well
|>and I have very little time to learn it to write my own 
|client for it.  I
|>suppose I could find time somewhere down the line, however, 
|unless there is
|>someone who is possibly in the middle of developing such a 
|script already.
|>
|>TIA
|>
|>
|>- Jim
|>
|>  
|>
|
|-- 
|The secret to success is to start from scratch and keep on scratching.
|
|
|
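The thread asks for a DShield client that reads Snort alerts out of the MySQL database instead of the ASCII alert file. The script below is an added example written for this thread; it is not the DShield project's client, Demarc's code, or anything from the original posters. It uses the table and column names of Snort's database output plugin (event, iphdr, tcphdr, udphdr, signature), with sqlite3 standing in for MySQL so it runs offline on constructed sample rows; the assumed DShield line layout (date with offset, user id, count, source, source port, target, target port, protocol number, TCP flag letters) and the placeholder user id are assumptions, and the "since" high-water mark is there so a cron-driven run does not resubmit alerts it already reported.

```python
"""Render Snort alerts from the Snort database schema as DShield submission
lines.  Added example, not the DShield project's client.  sqlite3 stands in
for MySQL; a live deployment would swap the connection for a MySQL driver
and keep the query as-is."""
import ipaddress
import sqlite3
from collections import Counter

DSHIELD_USER_ID = "0"   # placeholder: the numeric id of your DShield account
TZ_OFFSET = "+00:00"    # offset of the sensor clock; assumed UTC here

# tcphdr.tcp_flags bit values mapped to the one-letter (tcpdump style)
# codes assumed for DShield's flags column.
TCP_FLAG_LETTERS = ((0x01, "F"), (0x02, "S"), (0x04, "R"),
                    (0x08, "P"), (0x10, "A"), (0x20, "U"))

# Subset of the Snort database output plugin schema (as used by ACID/Demarc).
SNORT_SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER,
                    timestamp TEXT, PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER,
                    ip_dst INTEGER, ip_proto INTEGER);
CREATE TABLE tcphdr (sid INTEGER, cid INTEGER, tcp_sport INTEGER,
                     tcp_dport INTEGER, tcp_flags INTEGER);
CREATE TABLE udphdr (sid INTEGER, cid INTEGER, udp_sport INTEGER,
                     udp_dport INTEGER);
"""

# One row per alert newer than the high-water mark, with ports/flags pulled
# from whichever transport header table the alert has.
QUERY = """
SELECT e.timestamp, i.ip_src, i.ip_dst, i.ip_proto,
       COALESCE(t.tcp_sport, u.udp_sport, 0) AS sport,
       COALESCE(t.tcp_dport, u.udp_dport, 0) AS dport,
       COALESCE(t.tcp_flags, 0) AS flags
FROM event e
JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
LEFT JOIN tcphdr t ON t.sid = e.sid AND t.cid = e.cid
LEFT JOIN udphdr u ON u.sid = e.sid AND u.cid = e.cid
WHERE e.timestamp > ?
ORDER BY e.timestamp, e.sid, e.cid
"""


def flags_to_letters(bits):
    """0x12 (SYN|ACK) -> 'SA'."""
    return "".join(letter for bit, letter in TCP_FLAG_LETTERS if bits & bit)


def open_sample_db():
    """Constructed sample alerts: two SYN probes to ssh from one host and one
    UDP packet to dns from another.  Addresses are stored as unsigned 32-bit
    integers, as the Snort plugin does."""
    db = sqlite3.connect(":memory:")
    db.executescript(SNORT_SCHEMA)
    ip = lambda s: int(ipaddress.IPv4Address(s))
    db.execute("INSERT INTO signature VALUES (1, 'SCAN ssh probe'), "
               "(2, 'DNS query anomaly')")
    db.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", [
        (1, 1, 1, "2002-11-18 16:13:57"),
        (1, 2, 1, "2002-11-18 16:13:57"),
        (1, 3, 2, "2002-11-18 16:14:02")])
    db.executemany("INSERT INTO iphdr VALUES (?, ?, ?, ?, ?)", [
        (1, 1, ip("192.0.2.10"), ip("203.0.113.5"), 6),
        (1, 2, ip("192.0.2.10"), ip("203.0.113.5"), 6),
        (1, 3, ip("198.51.100.7"), ip("203.0.113.5"), 17)])
    db.executemany("INSERT INTO tcphdr VALUES (?, ?, ?, ?, ?)", [
        (1, 1, 40123, 22, 0x02),
        (1, 2, 40123, 22, 0x02)])
    db.execute("INSERT INTO udphdr VALUES (1, 3, 5353, 53)")
    return db


def dshield_lines(db, since="1970-01-01 00:00:00", user_id=DSHIELD_USER_ID):
    """Return tab-separated DShield lines for alerts after `since`.
    Identical alerts (same time, endpoints, protocol, flags) are collapsed
    into one line with a count, which is how repeated probes are reported."""
    counts, order = Counter(), []
    for ts, src, dst, proto, sport, dport, flags in db.execute(QUERY, (since,)):
        key = (ts, str(ipaddress.IPv4Address(src)), sport,
               str(ipaddress.IPv4Address(dst)), dport, proto,
               flags_to_letters(flags) if proto == 6 else "")
        if key not in counts:
            order.append(key)
        counts[key] += 1
    lines = []
    for key in order:
        ts, src, sport, dst, dport, proto, letters = key
        lines.append("\t".join([f"{ts} {TZ_OFFSET}", user_id, str(counts[key]),
                                src, str(sport), dst, str(dport),
                                str(proto), letters]))
    return lines


if __name__ == "__main__":
    for line in dshield_lines(open_sample_db()):
        print(line)
```

In a real run the client would persist the timestamp of the last line it submitted and pass it back as `since` on the next invocation, and would read `sid`/`cid` rather than the timestamp alone if two sensors log into the same database.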