[Snort-users] May be slightly off topic but...

Gene Gomez gegomez at ...6324...
Mon Oct 21 16:12:02 EDT 2002


May be slightly off topic but...Why don't you just sort by timestamp?  It'll
do pretty much the same thing...
  -----Original Message-----
  From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Taylor, Graham
  Sent: Monday, October 21, 2002 6:47 AM
  To: 'snort-users at lists.sourceforge.net'
  Subject: [Snort-users] May be slightly off topic but...


  People,
          I am using snort and ACID, I am trying to sort the alerts for a
particular ip address by the sensor and alert number below is a selection of
the alerts

  #50-(7-10290)        (60)Unknown Sig Name        2002-10-21 11:05:52
194.235.194.178:4607        172.16.100.10:80        TCP

  #51-(7-10291)        (60)Unknown Sig Name        2002-10-21 11:05:52
194.235.194.178:4608        172.16.100.10:80        TCP

  #52-(7-10288)        (60)Unknown Sig Name        2002-10-21 11:05:52
194.235.194.178:4606        172.16.100.10:80        TCP

  #53-(7-10289)        (60)Unknown Sig Name        2002-10-21 11:05:52
172.16.100.10:80        194.235.194.178:4606        TCP

  #54-(7-10287)        WEB-CGI GIF89a        2002-10-21 11:05:52
194.235.194.178:4603        172.16.100.10:80        TCP




  The number I wish to sort on is the (7-102xx) I was hoping that one of you
guys more used to using Snort/Acid could give me an idea as to how to do
this :)



  Thanks


  Graham Taylor

  Business Continuity & Security
  Michael Page International
  39-41 Parker Street
  London WC2B 5LN
  Tel:    +44 020 7269 2378
  Fax:    +44 020 7405 4230
  Mobile: +44 787 041 2479
  mailto:graham at ...7231...

  This message and any attachments to it is intended only for the individual
or company to which it is addressed and may contain information which is
privileged, confidential or prohibited from disclosure or unauthorised use.
If the recipient of this transmission is not the intended recipient, or the
employee or agent responsible for delivering such materials to the intended
recipient, you are hereby notified that any use, any form of reproduction,
dissemination, copying, disclosure, modification, distribution and/or
publication of this e-mail message or its attachments other than by its
intended recipient is strictly prohibited by the sender.  If you have
received it in error, please return it to the sender and destroy the message
and/or copies in your possession.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20021021/b83f4678/attachment.html>


More information about the Snort-users mailing list