[Snort-users] Project PigRoast and logging...

Steve Halligan agent33 at ...187...
Tue Oct 10 15:47:04 EDT 2000


See also SnortNet and ACID/AIRCERT.  They are both working on projects that
sound very similar to this.  No need to reinvent the wheel :)
Links to these projects should be on the snort website.

Steve

> -----Original Message-----
> From: Jason Boyer [mailto:jason at ...418...]
> Sent: Tuesday, October 10, 2000 9:53 AM
> To: me at ...297...
> Cc: Max Vision; snort-users at lists.sourceforge.net;
> arachnids at ...4...
> Subject: Re: [Snort-users] Project PigRoast and logging...
> 
> 
> I believe you can log to multiple machines at once. So you 
> can take 3 separate machines who are doing independent 
> logging and have those log to one machine and just echo such 
> alerts to the console or run your log parser on those logs.
> Doesn't seem like something extremely special. I may be wrong 
> but that's my current understanding.
> 
> Jason
> 
> Joe Magee wrote:
> 
> > Hey max, I haven't really introduced myself before however 
> I'm a fan of your site. I was wondering what thoughts you 
> have about Project PigRoast thing I'm working on. have you 
> seen something like this done before? do you currently do any 
> remote logging or log collaboration? I'm trying to play with 
> the best way to go about doing this.
> >
> > http://www.joemagee.com/projectpigroast.htm
> >
> > What I would like to do is have all my snort machines log 
> back to a single host. then have that host either run 
> snortsnarf and present all log material in html format or 
> transport the logs somewhere where they can be viewed. One of 
> my most important goals is to be able to hand the monitoring 
> job over to a "sysops" type of person who will watch the logs 
> and respond accordingly, so what I need to do is get the data 
> a "console" for monitoring so I can then start writing 
> respond and react type of policies.
> >
> > any ideas?
> >
> > Thanks
> >
> > Joe Magee
> > Information Security Engineer
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20001010/a5695415/attachment.html>


More information about the Snort-users mailing list