[Snort-users] LogSnorter and Cisco router

dlewis at ...10539... dlewis at ...10539...
Tue Nov 11 21:22:12 EST 2003


Has anyone had any problems with logsnorter and Cisco syslog
dumps?

Every time I run logsnorter it comes back with

logsnorter: Error line 1. Cisco error line 1: doesn't match known type: Nov 12
00:11:03 c4700 3062: *Nov 12 00:09:21 EST: %SEC-6-IPACCESSLOGP: list 185 denied
tcp XX.XX.XXX.XXX(52076) -> YY.YY.YYY.YYY(135), 2 packets

(obviously the XX and YY would normally be ip's)

and does this for every line. Suggestions?

I'm a little bit of a newbie to snort, but my config for logsnorter has
this:


$db_server = 'localhost';
$db_database = 'IDS';
$db_usercode = 'USER';
$db_password = 'XXXXXXXXXX';

$DB_TYPE="mysql";

$cisco_interface['c4700',185]="Ethernet0";



where the interface that my access list is on is eth0 and
the access list is 185.  c4700 I assumed is the name
that shows in the router's log files.  ???



Suggestions would be much appreciated..


Dave
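The record quoted above carries two layers of header: the syslog daemon's own timestamp and hostname, then the IOS sequence number ("3062:") and the router's starred local timestamp, before the "%SEC-6-IPACCESSLOGP" message itself. The parser below is an added example, not logsnorter's code and not a statement of what logsnorter expects; it strips both layers, extracts the ACL fields, and sums denied packets per source, protocol and destination port, as a defender would for reviewing ACL hits. The sample lines are constructed (the masked addresses from the post replaced with private and documentation ranges), and the (hostname, ACL) to interface lookup mirrors the posted $cisco_interface entry as an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample records. The first is the line quoted in the post with
# the masked addresses replaced by private/documentation ranges; the second
# is a permit variant; the third is a non-ACL IOS message that must be skipped.
SAMPLE_LINES = [
    "Nov 12 00:11:03 c4700 3062: *Nov 12 00:09:21 EST: %SEC-6-IPACCESSLOGP: "
    "list 185 denied tcp 10.0.0.5(52076) -> 192.0.2.10(135), 2 packets",
    "Nov 12 00:11:04 c4700 3063: *Nov 12 00:09:22 EST: %SEC-6-IPACCESSLOGP: "
    "list 185 permitted udp 10.0.0.6(53) -> 192.0.2.11(53), 1 packet",
    "Nov 12 00:11:05 c4700 3064: %SYS-5-CONFIG_I: Configured from console by vty0",
]

# Assumed (hostname, ACL number) -> interface lookup, modelled on the
# $cisco_interface['c4700',185]="Ethernet0" entry in the post.
INTERFACE_MAP: Dict[Tuple[str, str], str] = {("c4700", "185"): "Ethernet0"}

LINE_RE = re.compile(
    r"^(?P<relay_ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) "          # syslog daemon timestamp
    r"(?P<host>\S+) "                                          # router hostname as relayed
    r"(?:(?P<seq>\d+): )?"                                     # optional IOS sequence number
    r"(?:\*?\w{3} +\d{1,2} \d\d:\d\d:\d\d(?:\.\d+)?(?: [^:\s]+)?: )?"  # optional IOS timestamp + zone
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\w+) (?P<sip>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dip>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?$"
)


@dataclass
class AclLogEvent:
    host: str
    seq: Optional[int]
    acl: str
    action: str
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    packets: int

    @property
    def interface(self) -> Optional[str]:
        # Resolve the interface the same way the posted config keys it.
        return INTERFACE_MAP.get((self.host, self.acl))


def parse_acl_log_line(line: str) -> Optional[AclLogEvent]:
    """Return an AclLogEvent for an IPACCESSLOGP record, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return AclLogEvent(
        host=m["host"],
        seq=int(m["seq"]) if m["seq"] else None,
        acl=m["acl"],
        action=m["action"],
        proto=m["proto"].lower(),
        src_ip=m["sip"],
        src_port=int(m["sport"]),
        dst_ip=m["dip"],
        dst_port=int(m["dport"]),
        packets=int(m["pkts"]),
    )


def denied_packet_counts(lines: Iterable[str]) -> Dict[Tuple[str, str, int], int]:
    """Sum denied packets per (source IP, protocol, destination port)."""
    counts: Dict[Tuple[str, str, int], int] = {}
    for line in lines:
        ev = parse_acl_log_line(line)
        if ev is None or ev.action != "denied":
            continue  # unparsed lines and permits are not counted
        key = (ev.src_ip, ev.proto, ev.dst_port)
        counts[key] = counts.get(key, 0) + ev.packets
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        ev = parse_acl_log_line(line)
        label = "skipped" if ev is None else f"{ev.interface} {ev.action}"
        print(f"{label}: {line[:70]}")
    print(denied_packet_counts(SAMPLE_LINES))
```

Because the sequence number and the starred router timestamp are both optional in the pattern, the same parser accepts records from routers configured without "service sequence-numbers" or "service timestamps", which is worth checking when a tool rejects every line of a feed.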
