Dan Mahoney, System Admin
danm at ...6608...
Tue Aug 13 11:08:01 EDT 2002
Hi all. It seems to me that since iplog can both listen promiscuously on
an interface like snort can and that since it specializes in detection of
things snort is NOT good at (i.e. stateful detections like portscans,
pingfloods, smurfs, etc.), that there should be some way to use iplog as
either (A) a preprocessor of sorts, or (B) there should be a way to use
logsnorter to suck in the logs from iplog.
I don't see logsnorter around anymore, I can't find it. But is there some
way to accomplish this, and have them BOTH show up in ACID?
"Don't try to out-weird me. I get stranger things than you free with my
-Button seen at I-CON XVII (and subsequently purchased)
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
finger danm at ...6608...
for pgp public key and tel#