[Snort-users] DShield logs from Snort logs?
mailings at ...5728...
Tue Aug 27 08:13:09 EDT 2002
>All depends on your snort.conf / cmdline options but the portscan and
>snort 1.8 alert scripts in the framework client
>should mostly work, you may have to do a little hacking about but it is
I really don't know Perl that well. I just pointed the script at the
portscan log, but it didn't recognize the format.
I also tested using syslog, but was unable to get Snort to log to a
different file than the default Redhat "messages" file. I played around with
different facilities in Snort / syslog.conf for a while, but....
>If you are using ACID then I have a script (ugly) that can pull from that.
Yes please! :) I'm running ACID so I'd appreciate a copy.