[Snort-users] Remote NT 2000 logging

Robert E. Leever bel1 at ...358...
Tue Oct 24 18:59:28 EDT 2000


you could probably adapt netcat 
[the hacker's friend] to send the
snort output into netcat on the NT
to a netcat listener on another {unix, linix, etc}
system and pipe that into the syslog
there.  netcat is cheap. {like free}
small and pretty efficient.  runs in either tcp
or udp too.  

I've tested netcat on
solaris 2.4 & 2.6 but not NT.  If you do something
like this you need to put in startup scripts so it
comes up automagically at boot time on all of the 
platforms.

'Course, you gotta wonder about putting such a 
powerful hacker tool on your systems.  (c:

----snip-----

Netcat and the associated package is a product of Avian Research, and is freely
available in full source form with no restrictions save an obligation to give
credit where due.  Get it via anonymous FTP at avian.org:/src/hacks/nc110.tgz
which is a gzipped tar file and not to be confused with its version 1.00
precursor, nc100.tgz.  Other distribution formats can be accomodated upon
request.  Netcat is also mirrored at the following [faster] sites:

        zippy.telcom.arizona.edu:/pub/mirrors/avian.org/hacks/nc110.tgz
        ftp.sterling.com:/mirrors/avian.org/src/hacks/nc110.tgz
        coast.cs.purdue.edu:/pub/tools/unix/netcat/nc110.tgz
        ftp.rge.com:/pub/security/coast/mirrors/avian.org/netcat/nc110.tgz


b;)



More information about the Snort-users mailing list