[Snort-users] Win32-snort users

James Hoagland hoagland at ...47...
Wed Jul 26 19:56:41 EDT 2000


Hello Carv,

You might want to check out SnortSnarf 
(http://www.silicondefense.com/snortsnarf/).  It was originally fully 
Unix and Windows NT compatible.  Then we added some extra 
functionality that probably won't run on Windows (annotations and 
SISR come to mind).  The main script to generate the set of HTML, 
snortsnarf.pl, should run okay, though we have not tried it recently. 
If you get it working, let us know.  Come to think of it, not many 
changes will probably be needed to get the other parts working with 
Windows, so if you make any compatibility changes, let us know and we 
can incorporate those.  It should be easier than writing your own 
script.

Regards,

   Jim

At 12:19 PM -0700 7/26/00, H Carvey wrote:
>I am using Win32-snort...have been since about a day
>after it was released. 
>
>I'd like to know if anyone else is using it.  I'd also
>like to know if anyone else is looking for NT-based
>Perl scripts to put their alerts into some kind of
>report.
>
>Right now, I use a Perl script that produces:
>
>http://patriot.net/~carvdawg/idsreport.html
>
>It pulls snort alerts from the EventLog, and puts them
>in a table.  The script then runs nmapNT against each
>of the unique IP addresses.
>
>Carv
-- 
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...47...                *|
|*  Voice: (707) 445-4355 x13          Fax: (707) 826-7571  *|



