[Snort-users] Barnyard2 configuration and event generation

waldo kitty wkitty42 at ...14940...
Wed Dec 19 13:16:03 EST 2012


sometimes less is more... why go through all the twists and turns when it seems 
that all you want is to list what is in the alert file? the alert file is a 
plain ascii text file that is easily parsed with perl (or most any other text 
parsing language or tools)... you can then output whatever you want from 
there... this is basically what the Guardian Active Response system does... 
however, its main goal is to manage blocked IPs by adding and removing them from 
the firewall's iptables and to do it all automatically...

if you need some details on parsing the alert file, just ask... it really is 
very simple...
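
The kind of parsing described in the message above, as an added example that is not part of the original post and is written in Python rather than perl. It assumes the one-line alert_fast layout and IPv4 addresses; the function names, rule ids and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout of one alert_fast line: timestamp, [gid:sid:rev], message,
# optional classification, priority, protocol, endpoints (no ports for ICMP).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)
INT_FIELDS = ("gid", "sid", "rev", "prio", "sport", "dport")

def parse_alert(line):
    """Return a dict for one alert line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Take a list of lines; return (records, alerts per source, skipped)."""
    records = [r for r in map(parse_alert, lines) if r]
    skipped = sum(1 for l in lines if l.strip()) - len(records)
    return records, Counter(r["src"] for r in records), skipped

# Constructed sample lines (documentation addresses, made-up rule ids).
SAMPLE = """\
12/19-13:16:03.120001  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40112 -> 198.51.100.5:80
12/19-13:16:04.450210  [**] [1:1000002:3] EXAMPLE ping sweep [**] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.7
12/19-13:16:05.000000  truncated line
12/19-13:16:09.900100  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.44:51515 -> 198.51.100.5:80
""".splitlines()

if __name__ == "__main__":
    records, by_src, skipped = summarize(SAMPLE)
    for r in records:
        print(r["ts"], r["sid"], r["proto"], r["src"], "->", r["dst"], r["msg"])
    print(dict(by_src), "skipped:", skipped)
```

Lines that do not match are counted rather than silently dropped, so a change in the output format shows up as a rising skip count.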



