[Snort-users] iplog

Dan Mahoney, System Admin danm at ...6608...
Tue Aug 13 11:08:01 EDT 2002


Hi all.  It seems to me that since iplog can listen promiscuously on
an interface like snort can, and since it specializes in detection of
things snort is NOT good at (i.e. stateful detections like portscans,
pingfloods, smurfs, etc.), there should be some way to use iplog
either (A) as a preprocessor of sorts, or (B) by using logsnorter to
suck in the logs from iplog.

I don't see logsnorter around anymore, I can't find it.  But is there some
way to accomplish this, and have them BOTH show up in ACID?

-Dan

--

"Don't try to out-wierd me.  I get stranger things than you free with my
breakfast cereal."

-Button seen at I-CON XVII (and subsequently purchased)

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Web: http://prime.gushi.org
finger danm at ...6608...
for pgp public key and tel#
---------------------------





