Snort mailing list archives
Re: resolved names in logs
From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 20 Sep 2001 07:39:26 -0700 (PDT)
On Thu, 20 Sep 2001, Alex Pinheiro Machado Rodrigues wrote:
How can I configure my snort to see, in logs and alerts, resolved host names, not IP addresses? Is it possible?
To quote Marty on this: "Snort will never do DNS resolution."

It really doesn't make sense to do it. Extra CPU cycles, by doing the lookup you might clue Mr. Hax0r that an IDS just saw him, denial of service, etc...

If you can't live without hostnames, then do some sort of post-processing. Use a Perl script to parse the logs and convert into hostnames. Snort-stat.pl from the http://snort.sourcefire.com/ site will do this.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
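Added example, not part of the original message and not code from snort-stat.pl: a sketch of the post-processing approach the reply describes, written in Python rather than Perl. The names `make_annotator`, `ptr_lookup` and `LOCAL_NETS`, the sample alert lines, and the choice to resolve only addresses in networks you administer (so no query reaches a reverse zone someone else controls) are assumptions of this example.

```python
import ipaddress
import re
import socket
from functools import lru_cache

# Constructed sample lines in Snort fast-alert style (not taken from the post).
SAMPLE_ALERTS = """\
09/20-07:39:26.123456  [**] [1:1000001:1] Constructed sample alert [**] [Priority: 2] {TCP} 203.0.113.7:4312 -> 192.168.1.10:80
09/20-07:40:02.654321  [**] [1:1000002:1] Constructed sample alert [**] [Priority: 3] {ICMP} 192.168.1.10 -> 192.168.1.1
"""

# Dotted quad that is not part of a longer run of digits and dots.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Assumption: only these networks are ours, so only they are ever looked up.
LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/16"),
              ipaddress.ip_network("10.0.0.0/8")]

def ptr_lookup(ip):
    """Reverse-resolve one address; None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None

def make_annotator(lookup=ptr_lookup, nets=LOCAL_NETS):
    """Return a function that rewrites 'ip' as 'name[ip]' in a log line."""
    @lru_cache(maxsize=4096)  # each address is queried once, failures included
    def name_for(ip):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # e.g. 999.1.1.1 matched the pattern
            return None
        if not any(addr in net for net in nets):
            return None  # foreign address: leave it alone, send no query
        return lookup(ip)

    def annotate(line):
        def repl(match):
            ip = match.group(1)
            name = name_for(ip)
            # Keep the address next to the name so the evidence is not lost.
            return f"{name}[{ip}]" if name else ip
        return IPV4.sub(repl, line)
    return annotate

if __name__ == "__main__":
    import sys
    annotate = make_annotator()
    for line in sys.stdin:  # e.g. python annotate.py < alert
        sys.stdout.write(annotate(line))
```

Run it over a copy of the alert file after the fact, off the sensor, so the lookups cost the IDS nothing.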