[Snort-users] Name Resolution in Alerts

Andrew.Zielinski at ...1252... Andrew.Zielinski at ...1252...
Thu Mar 15 10:28:14 EST 2001


Does anyone know of a way to have Computer names instead of IPs coming up
in the alerts.
I'm not so much concerned about doing a DNS look up, although that my be a
possiblity. I was wondering if there is a way to just set a variable in the
rules file for computers such as Mailserver, Virusscanner, Proxy, etc...
And having this names show up in the alerts instead of the IPs for known
servers. I believe I saw a way of doing it with DNS some where, but that
could be to resource intensive. I am using SnortSnarf to generate HTML.

Andrew Zielinski





More information about the Snort-users mailing list