[Snort-users] upgraded some tools (snortplot)

Angelos Karageorgiou angelos at ...3906...
Thu Oct 25 07:05:05 EDT 2001


On Thu, 25 Oct 2001, Martin Roesch wrote:

> Date: Thu, 25 Oct 2001 09:37:11 -0400
> From: Martin Roesch <roesch at ...1935...>
> To: angelos at ...788...
> Cc: snort-list <snort-users at lists.sourceforge.net>
> Subject: Re: [Snort-users] upgraded some tools (snortplot)
> 
> Angelos Karageorgiou wrote:
> > 
> > I have been trying to make heads or tails of the new logging scheme,
> >  which is totally unclean btw, and came up with the 3rd version of
> > snortlog3.pl
> > and a brand new rewrite for snortplot.
> 
> Which logging scheme is unclean?  DB?  Unified?  Syslog?  What??

Oh, you have gone so far :-)

Well, the syslog version is really tough to apply a regex onto
to normalize the output; expect that some of the scripts will be broken.

It is not so much a Snort problem, more like a problem of the people who
write the rules; they do not have a consistent logging scheme for the
errors they display. So sometimes you have warnings in square brackets,
other times two warnings in square brackets, etc.

Oh well we cannot keep everybody satisfied.

> 
> Cool stuff Angelos!
>

Thanks Marty. Are you folks planning to create a NIDS box much like
the people at NFR did? You know, plug it in, let it churn,
get the logs and process them; it could sell well as a device!



-- 
Angelos Karageorgiou  CTO IQS SA
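The complaint above is that Snort's syslog alert lines carry a variable number of bracketed `[Name: value]` fields between the rule message and the protocol, so a regex written for one rule breaks on the next. The following is an added example, not the poster's snortlog3.pl or any Snort project code, written in Python rather than Perl so it can be run directly. The sample lines are constructed and modelled on the Snort 1.8-era syslog layout (`[gid:sid:rev] MSG [Classification: ...] [Priority: n]: {PROTO} src -> dst`); that layout and the field names are assumptions, not taken from the mail. The pattern matches the bracketed tags as a group of zero or more blocks instead of hard-coding their positions, and every record comes out with the same keys, with `None` where a rule did not log a field:

```python
import re

# Constructed sample lines modelled on Snort 1.8-era syslog alert output
# (not taken from the original post). They show the inconsistency the mail
# complains about: the same basic layout, but zero, one or two bracketed
# [Name: value] fields between the message and the protocol.
SAMPLE_LINES = [
    "Oct 25 07:05:05 sensor snort[812]: [1:469:1] ICMP PING NMAP "
    "[Classification: Attempted Information Leak] [Priority: 2]: "
    "{ICMP} 10.0.0.5 -> 10.0.0.1",
    "Oct 25 07:05:06 sensor snort[812]: [1:1234:2] WEB-MISC example probe "
    "[Priority: 3]: {TCP} 10.0.0.5:4132 -> 10.0.0.1:80",
    "Oct 25 07:05:07 sensor snort[812]: [1:2000:1] LOCAL custom rule: "
    "{UDP} 10.0.0.5:53 -> 10.0.0.1:53",
    # Unrelated syslog line that must be skipped, not mis-parsed.
    "Oct 25 07:05:08 sensor sshd[900]: Accepted publickey for admin",
]

# One pattern for every shape: the bracketed tags are matched as a group
# of zero or more "[...]" blocks rather than at fixed positions.
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"snort(?:\[\d+\])?:\s+"                    # "snort:" or "snort[pid]:"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s*"                          # rule message (non-greedy)
    r"(?P<tags>(?:\[[^\]]*\]\s*)*):\s+"         # 0..n "[Name: value]" blocks
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Splits one "[Name: value]" block into its name and value.
TAG_RE = re.compile(r"\[([^\]:]+):\s*([^\]]*)\]")


def split_endpoint(ep):
    """Split 'addr:port' into (addr, port); port is None for a bare 'addr'
    as logged for ICMP."""
    addr, sep, port = ep.rpartition(":")
    if not sep:
        return ep, None
    return addr, int(port)


def normalize(line):
    """Return a dict with a fixed set of keys for a Snort syslog alert line,
    or None if the line is not a Snort alert. Optional fields a rule did not
    log come back as None, so downstream scripts always see the same keys."""
    m = ALERT_RE.match(line)
    if m is None:
        return None
    tags = {name.lower(): value for name, value in TAG_RE.findall(m.group("tags"))}
    src_addr, src_port = split_endpoint(m.group("src"))
    dst_addr, dst_port = split_endpoint(m.group("dst"))
    priority = tags.get("priority")
    return {
        "ts": m.group("ts"),
        "host": m.group("host"),
        "sid": (int(m.group("gid")), int(m.group("sid")), int(m.group("rev"))),
        "msg": m.group("msg"),
        "classification": tags.get("classification"),
        "priority": int(priority) if priority is not None else None,
        "proto": m.group("proto"),
        "src": src_addr,
        "src_port": src_port,
        "dst": dst_addr,
        "dst_port": dst_port,
    }


def normalize_all(lines):
    """Normalize every alert line, silently skipping non-Snort syslog lines."""
    records = []
    for line in lines:
        rec = normalize(line)
        if rec is not None:
            records.append(rec)
    return records


if __name__ == "__main__":
    for rec in normalize_all(SAMPLE_LINES):
        print(rec)
```

Feeding `normalize_all` the lines of a syslog file gives a list of uniform records that a plotting or counting script can consume without caring which rule wrote the alert; lines from other daemons on the same host are dropped rather than producing half-filled records.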
