[Snort-users] NIDS newbie question

Concordio M. Pajayat, Jr. conpaj at ...5830...
Sun May 12 05:16:01 EDT 2002


hi all!

i'm a newbie in NIDS, so sorry if this question has already been asked. i
successfully installed snort together with barnyard.
i am using the unified log output on snort and barnyard successfully
converted it to readable format, however, the ip addresses on the alert
logfile generated by barnyard were in reversed format. see below:
------------------------------------------------------------------------
05/10/02-10:54:26.660798  {ICMP} 11.0.168.192 -> 11.0.0.10
[**] [1:376:4] ICMP PING Microsoft Windows [**]
[Classification: Misc activity] [Priority: 3]
[Xref => http://www.whitehats.com/info/IDS159]
------------------------------------------------------------------------

how do i force either snort or barnyard to log those ip addresses in
correct format? i am also running a perl script (guardian) that collects
ip addresses on the alert logfile for dynamic blocking of offending ip
address on our firewall.
any inputs or suggestions would be appreciated.

tia

concordio m. pajayat, jr.
open source technology enthusiast
pilipino internet, inc.
conpaj at PILNET dot COM
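
An added example, not part of the original post and not code from Snort, barnyard or guardian: a check that parses the alert header shown above and decides whether the addresses are in reversed octet order before anything is passed to a blocking script. The monitored networks in `KNOWN_NETS` and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of the alert quoted in the post.
SAMPLE = """05/10/02-10:54:26.660798  {ICMP} 11.0.168.192 -> 11.0.0.10
[**] [1:376:4] ICMP PING Microsoft Windows [**]
"""

# Assumption: networks the sensor actually monitors (not stated in the post).
KNOWN_NETS = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "10.0.0.0/8")]

# Header line: "{PROTO} src[:port] -> dst[:port]"
IP = r"(\d+(?:\.\d+){3})(?::\d+)?"
HEADER = re.compile(r"\{(\w+)\}\s+" + IP + r"\s+->\s+" + IP)

def swap(addr):
    """Return the address with its four octets in reverse order."""
    return ".".join(reversed(addr.split(".")))

def in_known(addr):
    """True if addr is a valid IPv4 address inside a monitored network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in KNOWN_NETS)

def orientation(src, dst):
    """Decide which octet order is consistent with the monitored networks."""
    logged = in_known(src) or in_known(dst)
    swapped = in_known(swap(src)) or in_known(swap(dst))
    if logged != swapped:
        return "as-logged" if logged else "reversed"
    return "ambiguous"  # both or neither match: do not act on it

def parse_alerts(text):
    """Return one dict per alert header, with addresses in corrected order."""
    alerts = []
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        proto, src, dst = m.groups()
        how = orientation(src, dst)
        if how == "reversed":
            src, dst = swap(src), swap(dst)
        alerts.append({"proto": proto, "src": src, "dst": dst,
                       "orientation": how, "blockable": how != "ambiguous"})
    return alerts
```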
