[Snort-users] ANNOUNCE: logsnorter. Merge ipchains/Cisco access-lists into snort

Jason Haar Jason.Haar at ...294...
Wed Jan 17 20:31:58 EST 2001

Logsnorter v0.1

This is the first release of logsnorter for general consumption. 

This perl script scans syslog messages (typically in real-time), picks up
any "reject packet" messages generated by Ciscos or Linux ipfw/ipchains and
logs them into your central Snort SQL database. This allows you to "expand"
the reach of snort without having to put snort out into weird areas - like
in front of your perimeter router/firewall...

Typically invoked for real-time action as:

logsnorter -T /var/log/syslog

For post-processing (e.g. yesterday's syslog messages), try:

cat /var/log/syslog.1|logsnorter -t

There's a perldoc page ("perldoc logsnorter") showing the options - the main
one to figure out is the /etc/logsnorter.conf config file.

[This is my first attempt at perldoc - can someone tell me how to stop
perldoc wrapping text - it really screwed up the example config file]

Please give it a go - it will explicitly exit when it meets a syslog line
it thinks it should know about that doesn't match its current subroutines.
Let me know of any such issues, and those BSD users out there - how about
writing a few "modules" for ipfilter/etc support? Hmmm? :-)

I will be working on Linux 2.4 iptables support and (perhaps) PIX support
next week.

No home for it yet - maybe www.snort.org?


Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logsnorter.gz
Type: application/x-gzip
Size: 6193 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010118/84a0547c/attachment.bin>
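The post above describes the core of logsnorter: read syslog, pick out the firewall "reject" lines, normalise them and insert them into the Snort SQL database, and bail out loudly on a line that looks like a firewall log but matches none of the known parsers. The script below is an added example that does the same thing in Python; it is not logsnorter itself, which is Perl and was attached to the message. It assumes the 2.2-era ipchains "Packet log:" kernel format and the Cisco IOS %SEC-6-IPACCESSLOG* syslog format (both written from memory), a simplified SQLite event table standing in for the real Snort schema, and a handful of constructed syslog lines as input.

```python
import re
import sqlite3

# Constructed sample syslog lines (not real traffic). The ipchains and Cisco
# ACL message formats are assumed from memory of the 2.2 kernel and IOS.
SAMPLE_SYSLOG = """\
Jan 17 20:31:58 fw1 kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4321 192.0.2.10:23 L=60 S=0x00 I=5432 F=0x4000 T=51 SYN (#3)
Jan 17 20:31:59 fw1 kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:4322 192.0.2.10:80 L=60 S=0x00 I=5433 F=0x4000 T=51 SYN (#1)
Jan 17 20:32:01 rtr1 12345: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(2048) -> 192.0.2.10(139), 1 packet
Jan 17 20:32:02 rtr1 12346: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 203.0.113.9 -> 192.0.2.10 (8/0), 1 packet
Jan 17 20:32:03 fw1 sshd[812]: Accepted publickey for jason from 192.0.2.44
"""

# Generic syslog prefix: "<Mon> <day> <hh:mm:ss> <host> <message>"
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

# ipchains: "Packet log: <chain> <target> <iface> PROTO=<n> src:sport dst:dport ..."
IPCHAINS_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)")

# Cisco IOS: "%SEC-6-IPACCESSLOGP: list <acl> denied tcp a.b.c.d(sport) -> e.f.g.h(dport), N packet"
# The ICMP/other variants (IPACCESSLOGDP, IPACCESSLOGNP) carry no ports.
CISCO_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> (?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?")

PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}

# Simplified stand-in for the Snort SQL schema (assumption, not the real tables).
SCHEMA = """CREATE TABLE IF NOT EXISTS event (
  id INTEGER PRIMARY KEY, timestamp TEXT, sensor TEXT, proto TEXT,
  src TEXT, sport INTEGER, dst TEXT, dport INTEGER, note TEXT)"""


class UnknownLogLine(Exception):
    """A line that looks like a firewall log but matches no known parser.

    Mirrors logsnorter's behaviour of exiting rather than silently dropping it."""


def _port(value):
    return int(value) if value else None


def parse_line(line):
    """Return an event dict for a rejected packet, None for anything else.

    Raises UnknownLogLine for a firewall-looking line the parsers cannot read."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts, host, msg = m.group("ts", "host", "msg")

    if "Packet log:" in msg:
        f = IPCHAINS_RE.search(msg)
        if not f:
            raise UnknownLogLine(line)
        if f.group("target") not in ("DENY", "REJECT"):
            return None  # accepted traffic is not a security event
        return {"timestamp": ts, "sensor": host,
                "proto": PROTO_NAMES.get(f.group("proto"), f.group("proto")),
                "src": f.group("src"), "sport": _port(f.group("sport")),
                "dst": f.group("dst"), "dport": _port(f.group("dport")),
                "note": "ipchains %s %s %s" % f.group("chain", "target", "iface")}

    if "%SEC-6-IPACCESSLOG" in msg:
        f = CISCO_RE.search(msg)
        if not f:
            raise UnknownLogLine(line)
        if f.group("action") != "denied":
            return None
        return {"timestamp": ts, "sensor": host, "proto": f.group("proto"),
                "src": f.group("src"), "sport": _port(f.group("sport")),
                "dst": f.group("dst"), "dport": _port(f.group("dport")),
                "note": "cisco acl %s denied" % f.group("acl")}

    return None  # unrelated syslog noise (sshd, cron, ...)


def load_events(lines, conn):
    """Parse an iterable of syslog lines and insert the reject events; returns the count."""
    conn.execute(SCHEMA)
    rows = [r for r in map(parse_line, lines) if r is not None]
    conn.executemany(
        "INSERT INTO event (timestamp, sensor, proto, src, sport, dst, dport, note) "
        "VALUES (:timestamp, :sensor, :proto, :src, :sport, :dst, :dport, :note)", rows)
    conn.commit()
    return len(rows)


def load_sample():
    """Load the constructed sample into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    return conn, load_events(SAMPLE_SYSLOG.splitlines(), conn)


if __name__ == "__main__":
    conn, n = load_sample()
    print("inserted", n, "events")
    for row in conn.execute("SELECT timestamp, sensor, proto, src, sport, dst, dport, note FROM event"):
        print(row)
```

The ACCEPT and "permitted" lines are deliberately dropped rather than treated as unknown: only lines whose prefix marks them as firewall logs but whose body the regexes cannot read trigger the exception, which is the condition under which the post says logsnorter exits. For the real-time mode in the post, the same `parse_line` would be fed from a tail of the syslog file instead of the embedded sample.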
