[Snort-users] Snort/Logsnorter/PureSecure Cisco ACL's
dlewis at ...10539...
Thu Nov 20 23:59:02 EST 2003
agreed I have a sync issue.. it's not the rotuer that's not sync'd it's my
development box.. all my production box's have ntp synced
actually by the router and the router has several different ntp sources
that it determines best from.
my bigest problem right now is that I can't get it to input into the
database I'm assuming that something has changed
since it was written but so far I haven't found anyone that is sucessfully
using log snorter for cisco.
snort 2.0.1 and logsnorter... and a cisco box with 12.1 IOS on it.
Thus my post.
At 09:10 AM 11/17/2003, Michael Scheidell wrote:
>At the very least, it means that the clock on the cisco box is not ntp
>synced, and therefore you cannot trust it:
>see the *Nov 12 00:09:21?
>(its the '*')
>: Nov 12
> > 00:11:03 c4700 3062: *Nov 12 00:09:21 EST: %SEC-6-IPACCESSLOGP: list
> 185 denied
> > tcp XX.XX.XXX.XXX(52076) -> YY.YY.YYY.YYY(135), 2 packets
>SECNAP Network Security
>561-368-9561 x 1131
>This SF. Net email is sponsored by: GoToMyPC
>GoToMyPC is the fast, easy and secure way to access your computer from
>any Web browser or wireless device. Click here to Try it Free!
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:
More information about the Snort-users