[Snort-users] DShield logs from Snort logs?

Mark Rowlands mark.rowlands at ...752...
Tue Aug 27 06:57:07 EDT 2002

On Mon August 26 2002 20:59, Harald Finnaas wrote:
> Just wondering if anyone has scripts that can process the Snort logs and
> generate the kind of logs DShield wants? From what I've figured out the
> DShield Snort scripts read only syslog format?
> Regards,
> Harald

Snort logs in many ways, its mysteries to perform ;-)

All depends on your snort.conf / cmdline options but the portscan and
snort 1.8 alert scripts in the framework client should mostly work, you
may have to do a little hacking about but it is pretty straightforward.

If you are using ACID then I have a script (ugly) that can pull from that.
