[Snort-users] upgraded some tools (snortplot)
angelos at ...3906...
Thu Oct 25 07:05:05 EDT 2001
On Thu, 25 Oct 2001, Martin Roesch wrote:
> Date: Thu, 25 Oct 2001 09:37:11 -0400
> From: Martin Roesch <roesch at ...1935...>
> To: angelos at ...788...
> Cc: snort-list <snort-users at lists.sourceforge.net>
> Subject: Re: [Snort-users] upgraded some tools (snortplot)
> Angelos Karageorgiou wrote:
> > I have been trying to make heads and tails of the new logging scheme,
> > which is totally unclean btw, and came up with the 3rd version of
> > snortlog3.pl
> > and a brand new rewrite for snortplot.
> Which logging scheme is unclean? DB? Unified? Syslog? What??
Oh, you have gone so far :-)
Well, the syslog version is really tough to apply a regex to in order
to normalize the output. Expect that some of the scripts will be broken.
It is not so much a Snort problem, more like a problem of the people who
write the rules: they do not have a consistent logging scheme for the
errors they display. So sometimes you have warnings in square brackets,
other times two warnings in square brackets, etc.
Oh well, we cannot keep everybody satisfied.
> Cool stuff Angelos!
Thanks Marty. Are you folks planning to create a NIDS box much like
the people at NFR did? You know, plug it in, let it churn,
get the logs and process them; it could sell well as a device!
Angelos Karageorgiou CTO IQS SA
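The parsing problem raised above (a variable number of bracketed "[Key: Value]" tags between the signature ID and the packet summary, so no single regex fits every rule's message) is illustrated below with an added example. This is not snortlog3.pl, snortplot or any code from the thread; it is a Python parser written here for the post. The sample lines are constructed, in the Snort 1.x syslog alert layout as remembered ("[gid:sid:rev] message [Classification: ...] [Priority: N]: {PROTO} src -> dst"), and that layout is an assumption, not something the post spells out. Instead of one monolithic pattern, the parser peels off the pieces that are stable (the syslog prefix, the "[gid:sid:rev]" ID and the "{PROTO} src -> dst" tail) and treats whatever bracketed tags happen to sit in between as an optional key/value bag, which is exactly the part rule writers are inconsistent about.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample alerts (assumed Snort 1.x syslog layout, not lines from
# the original post). Note the differing number of "[Key: Value]" tags, the
# rule with no classification at all, the preprocessor alert with a colon in
# its message, and the optional ports.
SAMPLE_LINES = [
    "Oct 25 07:01:12 sensor snort[1234]: [1:469:1] ICMP PING NMAP "
    "[Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.5 -> 10.0.0.1",
    "Oct 25 07:01:15 sensor snort[1234]: [1:1000001:1] LOCAL custom rule no classification: "
    "{TCP} 10.0.0.7:4321 -> 10.0.0.1:80",
    "Oct 25 07:01:20 sensor snort[1234]: [1:1201:1] WEB-MISC 403 Forbidden "
    "[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.1:80 -> 10.0.0.9:33112",
    "Oct 25 07:02:00 sensor snort[1234]: [111:10:1] spp_stream4: STEALTH ACTIVITY (NULL scan) "
    "detection {TCP} 10.0.0.9:55 -> 10.0.0.1:22",
]

# Stable pieces: syslog prefix, signature ID, and the packet summary tail.
PREFIX_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+snort\[\d+\]:\s*")
SID_RE = re.compile(r"^\[(\d+):(\d+):(\d+)\]\s*")
TAIL_RE = re.compile(
    r"\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)
# Any "[Key: Value]" tag; zero or more of these may appear after the message.
TAG_RE = re.compile(r"\[([^\[\]:]+):\s*([^\[\]]*)\]")


def parse_alert(line: str) -> Optional[Dict]:
    """Parse one syslog alert line; return None for anything that is not one."""
    prefix = PREFIX_RE.match(line)
    if not prefix:
        return None
    body = line[prefix.end():]
    tail = TAIL_RE.search(body)
    if not tail:
        return None
    head = body[:tail.start()]
    sid = SID_RE.match(head)
    if not sid:
        return None
    head = head[sid.end():]
    # Collect whatever bracketed tags are present, then remove them; what is
    # left (minus the trailing ':' that precedes the tail) is the rule message.
    tags = {k.strip().lower(): v.strip() for k, v in TAG_RE.findall(head)}
    msg = " ".join(TAG_RE.sub("", head).split()).rstrip(":").strip()
    priority = tags.get("priority", "")
    return {
        "timestamp": prefix.group("ts"),
        "host": prefix.group("host"),
        "gid": int(sid.group(1)),
        "sid": int(sid.group(2)),
        "rev": int(sid.group(3)),
        "msg": msg,
        "classification": tags.get("classification"),
        "priority": int(priority) if priority.isdigit() else None,
        "proto": tail.group("proto"),
        "src": tail.group("src"),
        "sport": int(tail.group("sport")) if tail.group("sport") else None,
        "dst": tail.group("dst"),
        "dport": int(tail.group("dport")) if tail.group("dport") else None,
    }


def parse_all(lines: List[str]) -> List[Dict]:
    """Parse every line, silently skipping non-alert lines."""
    return [a for a in (parse_alert(l) for l in lines) if a is not None]


def count_by_signature(alerts: List[Dict]) -> Dict[Tuple[int, int, str], int]:
    """Hit count per (gid, sid, message), the kind of table a plotter wants."""
    return dict(Counter((a["gid"], a["sid"], a["msg"]) for a in alerts))


if __name__ == "__main__":
    for a in parse_all(SAMPLE_LINES):
        print(a["sid"], repr(a["msg"]), a["classification"], a["priority"],
              a["proto"], a["src"], a["sport"], "->", a["dst"], a["dport"])
    print(count_by_signature(parse_all(SAMPLE_LINES)))
```

The signature ID is stripped before the tag scan on purpose: "[1:469:1]" would otherwise match the generic "[Key: Value]" pattern too. Anything in brackets that lacks a colon stays inside the message rather than being mistaken for a tag.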