Snort mailing list archives
Re: Snort + iptables
From: "Ian Jones" <ian () dsl081-056-052 dsl-isp net>
Date: Sat, 21 Jul 2001 18:54:18 -0700
I know that Alexander Newald has written Snort2IPTables, but I am less interested in an automated response than I am in capturing packets in my snort db. Is there a way to assimilate iptables logs into the Snort database? I use gShield and a very restrictive ruleset, and I would like to also see the things that iptables/gShield is dropping. Is there a way to do this?
I use iptables to send packets to userspace using QUEUE. You can log these packets in tcpdump format and then use snort to read in the file and log to your database.
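The "log these packets in tcpdump format" step from the reply above, as an added example that is not part of the original post or the poster's own code: it writes raw IP packets, as a QUEUE userspace handler would receive them, into a pcap file with the raw-IP link type. The sample packet, addresses, timestamp and file name are constructed, and how packets are pulled from QUEUE is assumed to happen elsewhere.

```python
import socket
import struct

LINKTYPE_RAW = 101        # pcap link type for packets that begin at the IP header
PCAP_MAGIC = 0xA1B2C3D4   # microsecond-resolution pcap, written little-endian here

def ip_checksum(header):
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sample_syn(src, dst, sport, dport):
    """Constructed IPv4/TCP SYN standing in for a packet handed over by QUEUE."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 1024, 0, 0)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + tcp      # TCP checksum is left at 0 in this sample

def pcap_bytes(packets, snaplen=65535):
    """packets: iterable of (ts_sec, ts_usec, raw_ip_bytes) -> pcap file contents."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_RAW)]
    for ts_sec, ts_usec, pkt in packets:
        cap = pkt[:snaplen]   # captured length may be shorter than the wire length
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(cap), len(pkt)) + cap)
    return b"".join(out)

def parse_pcap(data):
    """Read the file back as a pcap consumer would; returns (linktype, records)."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    records, off = [], 24
    while off < len(data):
        ts_sec, ts_usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        records.append((ts_sec, ts_usec, data[off + 16: off + 16 + caplen]))
        off += 16 + caplen
    return linktype, records

if __name__ == "__main__":
    # Constructed input: one dropped telnet SYN between documentation addresses.
    pkts = [(995766858, 0, sample_syn("192.0.2.10", "198.51.100.7", 40000, 23))]
    with open("dropped.pcap", "wb") as fh:   # file name is an assumption
        fh.write(pcap_bytes(pkts))
```

The resulting file can be replayed through Snort with its `-r` option so the normal rules and database output plugin apply to the dropped traffic.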