[Snort-users] Basic questions about snort

Jason Haar Jason.Haar at ...294...
Sun Apr 15 23:39:25 EDT 2001


> ACIS is for snort only right now as far as I know.  I don't do too much with
> regards to Cisco logs, except log em to the syslog server.  I haven't been
> able to find any good tools that will assist the analyst with multiple
> syslog formats (i.e. portsentry, Linux, cisco, snort, etc...).  That would
> be a good project....

Ahem - check out logsnorter. Currently handles interpreting Cisco and
ipfw/ipchains syslog messages and injects them into the backend Snort SQL
databases. Written in Perl.

http://www.snort.org/Files/logsnorter.tar.gz


-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417



