[Snort-users] Snort/Logsnorter/PureSecure Cisco ACL's

Dave Lewis dlewis at ...10539...
Thu Nov 20 23:59:02 EST 2003


agreed I have a sync issue.. it's not the rotuer that's not sync'd it's my 
development box.. all my production box's have ntp synced
actually by the router and the router has several different ntp sources 
that it determines best from.

my bigest problem right now is that I can't get it to input into the 
database   I'm assuming that something has changed
since it was written but so far I haven't found anyone that is sucessfully 
using log snorter for cisco.

snort 2.0.1  and logsnorter... and a cisco box with 12.1 IOS on it.

Thus my post.


Dave


At 09:10 AM 11/17/2003, Michael Scheidell wrote:
>At the very least, it means that the clock on the cisco box is not ntp 
>synced, and therefore you cannot trust it:
>
>see the *Nov 12 00:09:21?
>
>(its the '*')
>: Nov 12
> > 00:11:03 c4700 3062: *Nov 12 00:09:21 EST: %SEC-6-IPACCESSLOGP: list 
> 185 denied
> > tcp XX.XX.XXX.XXX(52076) -> YY.YY.YYY.YYY(135), 2 packets
> >
>--
>Michael Scheidell
>SECNAP Network Security
>561-368-9561 x 1131
>www.secnap.com
>
>
>-------------------------------------------------------
>This SF. Net email is sponsored by: GoToMyPC
>GoToMyPC is the fast, easy and secure way to access your computer from
>any Web browser or wireless device. Click here to Try it Free!
>https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target/g22lp.tmpl
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?listort-users






More information about the Snort-users mailing list