[Snort-users] IDMEF plugin for snort 2.6?

Justin Heath justin.heath at ...11827...
Sun Jul 22 17:23:27 EDT 2007


I don't know of anything up to date. However, if I had to do something
similar I would use the unified OR unified2 output and create the
IDMEF message from there.


Cheers,
Justin

On 7/22/07, Jochen Kaiser <Jochen.Kaiser at ...704...> wrote:
> Hi,
>
> I need IDMEF output from snort for a research project.
>
> Since the IDMEF plugin is a diff against 2.4.4 my question: is there another
> plugin or method available from anyone?
> Maybe there is an IDMEF proxy which gets a stream of events and generates
> IDMEF messages?
>
> I would like a direct IDMEF output from snort. At the moment I query the
> ACID-SQL-database for certain events and generate an IDMEF message.
>
> Any ideas, hints?
>
> regards,
> JK
>
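
One way to do what the reply suggests, as an added example that is not part of either poster's message: read IPv4 event records from a unified2 log and build an IDMEF Alert (RFC 4765 element names) from each. The record layout (type 7, 52-byte body), the priority-to-severity mapping, the analyzer id and the sample bytes are assumptions constructed for illustration.

```python
import socket, struct
from datetime import datetime, timezone
from xml.etree import ElementTree as ET

# Assumed layout of a unified2 IPv4 event record (type 7), big-endian:
# 8-byte header (type, length) followed by a 52-byte event body.
HDR = struct.Struct(">II")
EVT = struct.Struct(">9I4s4sHHBBBB")
FIELDS = ("sensor_id event_id sec usec sid gid rev class_id priority "
          "src dst sport dport proto impact_flag impact blocked").split()
SEVERITY = {1: "high", 2: "medium", 3: "low"}  # assumed priority mapping

def read_events(buf):
    """Yield a dict per IPv4 event record; skip every other record type."""
    off = 0
    while off + HDR.size <= len(buf):
        rtype, rlen = HDR.unpack_from(buf, off)
        body = buf[off + HDR.size: off + HDR.size + rlen]
        off += HDR.size + rlen
        if len(body) < rlen:
            break  # truncated trailing record (log still being written)
        if rtype == 7 and rlen >= EVT.size:
            yield dict(zip(FIELDS, EVT.unpack_from(body)))

def to_idmef(ev, analyzer_id="snort-sensor"):
    """Build one IDMEF-Message containing an Alert from an event dict."""
    msg = ET.Element("IDMEF-Message", version="1.0", xmlns="http://iana.org/idmef")
    alert = ET.SubElement(msg, "Alert", messageid=f"{ev['sensor_id']}-{ev['event_id']}")
    ET.SubElement(alert, "Analyzer", analyzerid=analyzer_id)
    ntp = "0x%08x.0x%08x" % (ev["sec"] + 2208988800, (ev["usec"] << 32) // 10**6)
    ts = datetime.fromtimestamp(ev["sec"], timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    ET.SubElement(alert, "CreateTime", ntpstamp=ntp).text = ts
    for tag, ip, port in (("Source", "src", "sport"), ("Target", "dst", "dport")):
        end = ET.SubElement(alert, tag)
        addr = ET.SubElement(ET.SubElement(end, "Node"), "Address", category="ipv4-addr")
        ET.SubElement(addr, "address").text = socket.inet_ntoa(ev[ip])
        if ev["proto"] in (6, 17):  # ports are only meaningful for TCP/UDP
            ET.SubElement(ET.SubElement(end, "Service"), "port").text = str(ev[port])
    ET.SubElement(alert, "Classification", ident=str(ev["sid"]),
                  text=f"snort {ev['gid']}:{ev['sid']}:{ev['rev']}")
    sev = SEVERITY.get(ev["priority"], "info")
    ET.SubElement(ET.SubElement(alert, "Assessment"), "Impact", severity=sev)
    return ET.tostring(msg, encoding="unicode")

# Constructed sample: one non-event record (type 2, skipped) and one event record.
_body = EVT.pack(1, 42, 1185139407, 500000, 1000001, 1, 3, 0, 2,
                 socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"),
                 40000, 80, 6, 0, 0, 0)
SAMPLE = HDR.pack(2, 4) + b"\0\0\0\0" + HDR.pack(7, len(_body)) + _body
```
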