[Snort-users] IDMEF plugin for snort 2.6?

(infor) urko zurutuza uzurutuza at ...14087...
Mon Jul 23 02:42:53 EDT 2007


You could also log your alarms to Prelude-IDS, which relies precisely on
IDMEF.

URko

> -----Original message-----
> From: snort-users-bounces at lists.sourceforge.net [mailto:snort-users-
> bounces at lists.sourceforge.net] On behalf of Justin Heath
> Sent: Sunday, 22 July 2007 23:23
> To: Jochen Kaiser
> CC: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] IDMEF plugin for snort 2.6?
> 
> I don't know of anything up to date. However, if I had to do something
> similar I would use the unified OR unified2 output and create the
> idmef message from there.
> 
> 
> Cheers,
> Justin
> 
> On 7/22/07, Jochen Kaiser <Jochen.Kaiser at ...704...> wrote:
> > Hi,
> >
> > I need IDMEF output from snort for a research project.
> >
> > Since the IDMEF plugin is a diff against 2.4.4, my question: is there another
> > plugin or method available from anyone?
> > Maybe there is an IDMEF proxy which gets a stream of events and generates
> > IDMEF messages?
> >
> > I would like a direct IDMEF output from snort. At the moment I query the
> > ACID-SQL-database for certain events and generate an IDMEF message.
> >
> > Any ideas, hints?
> >
> > regards,
> > JK
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems?  Stop.
> > Now Search log events and configuration files using AJAX and a browser.
> > Download your FREE copy of Splunk now >>  http://get.splunk.com/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> 
>

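Added example, not code from this thread, from Snort or from Prelude: the approach Justin describes, reading a Snort unified2 IDS event record and building an IDMEF Alert from it. It decodes the UNIFIED2_IDS_EVENT (type 7) record layout and emits RFC 4765 style XML with xml.etree. The sample record bytes, the sid-to-message table, the analyzer id and the priority-to-severity mapping are constructed or assumed for the example; a real converter would load sid-msg.map and classification.config and read the unified2 spool files Snort writes.

```python
# Added example (not from the thread, Snort or Prelude): turn Snort unified2
# IDS event records into IDMEF Alert messages.
import struct
import time
import xml.etree.ElementTree as ET

UNIFIED2_IDS_EVENT = 7                 # record type of a Unified2IDSEvent
NTP_EPOCH_OFFSET = 2208988800          # seconds from 1900-01-01 to 1970-01-01
IDMEF_NS = "http://iana.org/idmef"

HDR = struct.Struct("!II")                   # record header: type, length
EVT = struct.Struct("!IIIIIIIIIIIHHBBBB")    # 52-byte IDS event body
EVT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)

# Constructed lookup tables (normally loaded from sid-msg.map / classification.config).
SID_MSG = {1000001: "EXAMPLE TCP probe"}
SEVERITY = {1: "high", 2: "medium", 3: "low"}   # assumed Snort priority -> IDMEF severity


def iter_unified2(data):
    """Yield (record_type, body) for each record; reject truncated input."""
    off = 0
    while off + HDR.size <= len(data):
        rtype, rlen = HDR.unpack_from(data, off)
        off += HDR.size
        if off + rlen > len(data):
            raise ValueError("truncated unified2 record at offset %d" % off)
        yield rtype, data[off:off + rlen]
        off += rlen


def parse_ids_event(body):
    """Decode a type-7 record body into a dict of named fields."""
    if len(body) < EVT.size:
        raise ValueError("IDS event body too short")
    return dict(zip(EVT_FIELDS, EVT.unpack_from(body)))


def ipv4(n):
    """Dotted-quad string from a host-order 32-bit address."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def ntpstamp(sec, usec):
    """IDMEF ntpstamp: 64-bit NTP time as two hex words (seconds.fraction)."""
    frac = (usec * (1 << 32)) // 1_000_000
    return "0x%08x.0x%08x" % (sec + NTP_EPOCH_OFFSET, frac)


def q(tag):
    return "{%s}%s" % (IDMEF_NS, tag)


def to_idmef(ev, analyzer_id="snort-sensor-1"):
    """Build an IDMEF-Message/Alert element tree from a parsed event."""
    ET.register_namespace("idmef", IDMEF_NS)
    msg = ET.Element(q("IDMEF-Message"), version="1.0")
    alert = ET.SubElement(msg, q("Alert"),
                          messageid="%d.%d" % (ev["sensor_id"], ev["event_id"]))
    ET.SubElement(alert, q("Analyzer"), analyzerid=analyzer_id, model="Snort")
    ct = ET.SubElement(alert, q("CreateTime"),
                       ntpstamp=ntpstamp(ev["event_second"], ev["event_microsecond"]))
    ct.text = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(ev["event_second"]))
    for tag, ip, port in (("Source", ev["ip_source"], ev["sport_itype"]),
                          ("Target", ev["ip_destination"], ev["dport_icode"])):
        side = ET.SubElement(alert, q(tag))
        addr = ET.SubElement(ET.SubElement(side, q("Node")), q("Address"),
                             category="ipv4-addr")
        ET.SubElement(addr, q("address")).text = ipv4(ip)
        svc = ET.SubElement(side, q("Service"))
        ET.SubElement(svc, q("port")).text = str(port)
        ET.SubElement(svc, q("protocol")).text = str(ev["protocol"])
    sid = ev["signature_id"]
    ET.SubElement(alert, q("Classification"),
                  ident="%d:%d:%d" % (ev["generator_id"], sid, ev["signature_revision"]),
                  text=SID_MSG.get(sid, "Snort sid %d" % sid))
    assess = ET.SubElement(alert, q("Assessment"))
    ET.SubElement(assess, q("Impact"), severity=SEVERITY.get(ev["priority_id"], "info"))
    return msg


def convert(data):
    """Return one IDMEF XML string per IDS event record; other record types are skipped."""
    return [ET.tostring(to_idmef(parse_ids_event(body)), encoding="unicode")
            for rtype, body in iter_unified2(data) if rtype == UNIFIED2_IDS_EVENT]


# Constructed sample: one event, sid 1000001, 192.0.2.10:40000 -> 198.51.100.7:22/tcp.
SAMPLE_EVENT = EVT.pack(1, 42, 1185151373, 123456, 1000001, 1, 3, 4, 2,
                        0xC000020A, 0xC6336407, 40000, 22, 6, 0, 0, 0)
SAMPLE_UNIFIED2 = HDR.pack(UNIFIED2_IDS_EVENT, len(SAMPLE_EVENT)) + SAMPLE_EVENT

if __name__ == "__main__":
    for doc in convert(SAMPLE_UNIFIED2):
        print(doc)
```

Packet records (type 2) and the later extra-data records carry no alert fields, so the converter only acts on type 7; a length check on every record header keeps a half-written spool file from being misparsed as a valid event.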