[Snort-users] Snortsam log to database and correlation with snortdb

Chan Kien Eng eng at ...11599...
Wed Apr 21 03:25:21 EDT 2004


Hi all,

Has anyone done this before: logging the snortsam logs to a database
and doing some sort of correlation between them?

The idea is to answer the question: How do I know that when a
signature is triggered, snortsam is actually doing the firewall
blocking? Of course we can do it manually by comparing the snortsam logs
and the snort logs from ACID etc., but this is too manual and it's
time-consuming. I'm trying to look for something that can make life easier :)

Any ideas?

Thanks.
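
One way to automate the comparison asked about above, as an added example that is not part of the original post: load alerts and block events into two tables and query for alerts that no block covers. The table and column names are a hypothetical simplified schema (not the Snort/ACID or Snortsam one), the rows are constructed, and it assumes every listed alert comes from a rule that is expected to trigger a block.

```python
import sqlite3

# Hypothetical, simplified schema (not the ACID/Snort or Snortsam schema).
SCHEMA = """
CREATE TABLE alert (id INTEGER PRIMARY KEY, ts INTEGER, sig TEXT, src_ip TEXT);
CREATE TABLE block (id INTEGER PRIMARY KEY, ts INTEGER, ip TEXT, duration INTEGER);
"""

# Constructed sample rows; timestamps are epoch seconds.
ALERTS = [
    (1, 1000, "sig-A", "192.0.2.10"),    # block logged 2 s later
    (2, 1005, "sig-B", "192.0.2.10"),    # covered by the block that is still active
    (3, 1200, "sig-A", "198.51.100.7"),  # no block ever logged for this address
    (4, 5000, "sig-C", "192.0.2.10"),    # earlier block expired long before
]
BLOCKS = [(1, 1002, "192.0.2.10", 600)]  # one 600 s block

# An alert counts as covered when a block on the same address started no later
# than `window` seconds after the alert and had not expired before the alert.
UNBLOCKED = """
SELECT a.id FROM alert a
WHERE NOT EXISTS (
    SELECT 1 FROM block b
    WHERE b.ip = a.src_ip
      AND b.ts <= a.ts + :window
      AND b.ts + b.duration >= a.ts
)
ORDER BY a.id
"""

def unblocked_alerts(alerts, blocks, window=10):
    """Return ids of alerts for which no matching block was logged."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO alert VALUES (?,?,?,?)", alerts)
    db.executemany("INSERT INTO block VALUES (?,?,?,?)", blocks)
    rows = db.execute(UNBLOCKED, {"window": window}).fetchall()
    db.close()
    return [r[0] for r in rows]

if __name__ == "__main__":
    print("alerts with no matching block:", unblocked_alerts(ALERTS, BLOCKS))
```

The `window` value absorbs the delay between the alert and the block being logged, and clock skew if the two logs come from different hosts.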
 

