[Snort-users] DShield logs from Snort logs?

Harald Finnaas mailings at ...5728...
Tue Aug 27 08:13:09 EDT 2002


>All depends on your snort.conf / cmdline options but the portscan and
>snort 1.8 alert scripts in the framework client
>http://www.dshield.org/framework.html
>should mostly work, you may have to do a little hacking about but it is
>pretty straightforward.

I really don't know Perl that well. I just pointed the script at the
portscan log, but it didn't recognize the format.

I also tested using syslog, but was unable to get Snort to log to a
different file than the default Red Hat "messages" file. I played around with
different facilities in Snort / syslog.conf for a while, but....

>If you are using ACID then I have a script (ugly) that can pull from that.

Yes please! :) I'm running ACID so I'd appreciate a copy.

Regards,
Harald






