[Snort-users] DShield logs from Snort logs?

Mark Rowlands mark.rowlands at ...752...
Tue Aug 27 06:57:07 EDT 2002


On Mon August 26 2002 20:59, Harald Finnaas wrote:
> Just wondering if anyone has scripts that can process the Snort logs and
> generate the kind of logs DShield wants? From what I've figured out the
> DShield Snort scripts read only syslog format?
>
> Regards,
> Harald

snort logs in many ways, it's mysteries to perform ;-)

All depends on your snort.conf / cmdline options but the portscan and
snort 1.8 alert scripts in the framework client 

http://www.dshield.org/framework.html 

should mostly work, you may have to do a little hacking about but it is pretty
straightforward.

If you are using ACID then I have a script (ugly) that can pull from that.
