Snort mailing list archives

Re: resolved names in logs


From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 20 Sep 2001 07:39:26 -0700 (PDT)

On Thu, 20 Sep 2001, Alex Pinheiro Machado Rodrigues wrote:

> How can I configure my snort to see in logs and alerts resolved host
> names, not IP addresses? Is it possible?

To quote Marty on this:  "Snort will never do DNS resolution."

It really doesn't make sense to do it.  Extra CPU cycles, by doing the lookup
you might clue Mr. Hax0r that an IDS just saw him, denial of service, etc...

If you can't live without hostnames, then do some sort of post-processing.
Use a Perl script to parse the logs and convert into hostnames.  Snort-stat.pl
from the http://snort.sourcefire.com/ site will do this.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
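
The post-processing approach suggested in the reply above, as an added example that is not part of the original message and is not Snort-stat.pl: a Python filter that annotates IPv4 addresses in alert lines with cached reverse-DNS names. `LogResolver`, the alert line layout, the sample lines and the PTR table are assumptions constructed for illustration.

```python
import ipaddress
import re
import socket

# Dotted quads not embedded in a longer number; validated again below.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\d|\.\d)")
HOSTNAME_OK = re.compile(r"[A-Za-z0-9._-]{1,253}")

def system_ptr_lookup(ip):
    """Reverse-resolve with the system resolver; None if there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

class LogResolver:
    def __init__(self, lookup=system_ptr_lookup):
        self.lookup = lookup
        self.cache = {}  # ip -> hostname or None, so each address is asked once

    def name_for(self, ip):
        if ip not in self.cache:
            name = self.lookup(ip)
            # PTR data comes from whoever owns the address block: plain hostnames only.
            ok = name is not None and HOSTNAME_OK.fullmatch(name)
            self.cache[ip] = name if ok else None
        return self.cache[ip]

    def annotate(self, line):
        def repl(match):
            ip = match.group(0)
            try:
                ipaddress.IPv4Address(ip)
            except ValueError:
                return ip  # e.g. 999.1.1.1: not an address, leave untouched
            name = self.name_for(ip)
            return f"{ip}[{name}]" if name else ip
        return IPV4_RE.sub(repl, line)

# Constructed sample data (documentation address ranges), not real alerts.
SAMPLE_PTR = {"192.0.2.10": "scanner.example.net", "198.51.100.5": "www.example.org", "203.0.113.7": "bad\nname.example"}
SAMPLE_ALERTS = [
    "09/20-07:39:26.123456  [**] [1:1000001:1] Constructed alert [**] [Priority: 2] {TCP} 192.0.2.10:1234 -> 198.51.100.5:80",
    "09/20-07:39:28.000002  [**] [1:1000002:1] Constructed alert [**] [Priority: 3] {UDP} 203.0.113.7:53 -> 198.51.100.5:53",
]

def demo(lookup=SAMPLE_PTR.get):
    resolver = LogResolver(lookup)
    return [resolver.annotate(alert) for alert in SAMPLE_ALERTS]
```

With the default `system_ptr_lookup`, each distinct address triggers one PTR query from the machine running the script, so run it after the fact and away from the sensor.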

