[Snort-users] Project PigRoast and logging...

k timm ktimm at ...539...
Tue Oct 10 22:50:06 EDT 2000


I am interested in what you are trying to accomplish. I have worked with
snortnet a little but haven't really had the time to test it. I hope to do
that soon. There appears to be the same ability with postgres and mysql logging
as well; however, due to the fact that snortnet uses IAP, it may have the most
promise. I know Fyodor was a great help in getting it set up; I just haven't
had the time to test.
Kevin


On Tue, 10 Oct 2000, Steve Halligan wrote:
> 
> See also SnortNet and ACID/AIRCERT.  They are both working on projects that
> sound very similar to this.  No need to reinvent the wheel :)
> Links to these projects should be on the snort website.
> 
> Steve
> 
> > -----Original Message-----
> > From: Jason Boyer [mailto:jason at ...418...]
> > Sent: Tuesday, October 10, 2000 9:53 AM
> > To: me at ...297...
> > Cc: Max Vision; snort-users at lists.sourceforge.net;
> > arachnids at ...4...
> > Subject: Re: [Snort-users] Project PigRoast and logging...
> > 
> > 
> > I believe you can log to multiple machines at once. So you 
> > can take 3 separate machines who are doing independent 
> > logging and have those log to one machine and just echo such 
> > alerts to the console or run your log parser on those logs.
> > Doesn't seem like something extremely special. I may be wrong 
> > but that's my current understanding.
> > 
> > Jason
> > 
> > Joe Magee wrote:
> > 
> > > Hey Max, I haven't really introduced myself before; however,
> > > I'm a fan of your site. I was wondering what thoughts you
> > > have about the Project PigRoast thing I'm working on. Have you
> > > seen something like this done before? Do you currently do any
> > > remote logging or log collaboration? I'm trying to play with
> > > the best way to go about doing this.
> > >
> > > http://www.joemagee.com/projectpigroast.htm
> > >
> > > What I would like to do is have all my snort machines log
> > > back to a single host, then have that host either run
> > > snortsnarf and present all log material in HTML format or
> > > transport the logs somewhere where they can be viewed. One of
> > > my most important goals is to be able to hand the monitoring
> > > job over to a "sysops" type of person who will watch the logs
> > > and respond accordingly, so what I need to do is get the data
> > > to a "console" for monitoring so I can then start writing
> > > respond and react type of policies.
> > >
> > > Any ideas?
> > >
> > > Thanks
> > >
> > > Joe Magee
> > > Information Security Engineer
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > http://lists.sourceforge.net/mailman/listinfo/snort-users
> > 
> > 
> 


-- 
Kevin Timm 


