[Snort-users] Snort/Logsnorter/PureSecure Cisco ACL's
dlewis at ...10539...
Thu Nov 13 20:38:29 EST 2003
Has anyone had any experience with Cisco Access Lists and Snort's LogSnorter?
I've been trying and all I'm having is problems.
Every time I run the log snorter it comes back with
logsnorter: Error line 1. Cisco error line 1: doesn't match known type: Nov 12
00:11:03 c4700 3062: *Nov 12 00:09:21 EST: %SEC-6-IPACCESSLOGP: list 185 denied
tcp XX.XX.XXX.XXX(52076) -> YY.YY.YYY.YYY(135), 2 packets
(obviously the XX and YY would normally be IPs)
and does this for every line. Suggestions?
I'm a little bit of a newbie to snort ... but my config for the logsnorter has
$db_server = 'localhost';
$db_database = 'IDS';
$db_usercode = 'USER';
$db_password = 'XXXXXXXXXX';
where the interface that my access list is on is eth0 and
the access list is 185. c4700 I assumed as the name
that shows in the router's log files. ???
Suggestions would be much appreciated..
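
Added example, not part of the original post and not LogSnorter's code: a standalone parser that splits the %SEC-6-IPACCESSLOGP line quoted above into its fields, so a line can be checked before it is handed to an importer. The regex assumes the layout shown in the post; the addresses in the sample are constructed documentation-range values, and parse_acl_line is a hypothetical name.

```python
import re

# Layout assumed from the line quoted in the post:
#   <syslog ts> <host> <seq>: [*|.]<router ts> [TZ]: %SEC-6-IPACCESSLOGP:
#   list <acl> <action> <proto> src(port) -> dst(port), N packet(s)
ACL_LINE = re.compile(
    r"^(?P<syslog_ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?:(?P<seq>\d+):\s+)?"            # IOS sequence number, if enabled
    r"(?P<clock_flag>[*.])?"            # IOS marks an unsynchronised clock with * or .
    r"(?P<router_ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?)"
    r"(?:\s+(?P<tz>[A-Za-z]+))?:\s+"
    r"%SEC-6-IPACCESSLOGP:\s+list\s+(?P<acl>\S+)\s+"
    r"(?P<action>permitted|denied)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<dport>\d+)\),\s+"
    r"(?P<packets>\d+)\s+packets?\s*$"
)


def parse_acl_line(line):
    """Return a dict of fields, or None if the line is not in the assumed layout."""
    # The post shows one message wrapped over several lines; rejoin before matching.
    joined = " ".join(line.split())
    m = ACL_LINE.match(joined)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "packets"):
        rec[key] = int(rec[key])
    return rec


# Constructed sample: same shape as the line in the post, with documentation addresses.
SAMPLE = (
    "Nov 12 00:11:03 c4700 3062: *Nov 12 00:09:21 EST: %SEC-6-IPACCESSLOGP: "
    "list 185 denied\ntcp 192.0.2.10(52076) -> 198.51.100.20(135), 2 packets"
)

if __name__ == "__main__":
    print(parse_acl_line(SAMPLE))
    # The redacted XX placeholders are not an IP address, so this prints None.
    print(parse_acl_line(SAMPLE.replace("192.0.2.10", "XX.XX.XXX.XXX")))
```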