RE: Checkpoint FW1 Alerts to acid/Snort?

["Ofir Arkin" <ofir () sys-security com>]

Marc,

You are able to send the CheckPoint FW-1 alerts, and logged information
to other sources.

Have you tried to look at www.phoneboy.com?


Ofir Arkin [ofir () sys-security com]
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA 

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Marc
Dreher
Sent: ד 09 ינואר 2002 12:28
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Checkpoint FW1 Alerts to acid/Snort?

Hi,

This question is not 100% snort related but I hope sombody maybe able to
give some hints. We are using snort sensors for intrusion detection with
acid as
analysis console. Besides that we use Checkpoints Firewall-1 as, who'd
expect, firewalls. As we can not place a snort sensor next to every
firewall, the
question now is, if there is a posibility/tool to parse the dropped
packets
alerts generated by the firewalls somehow into the database to enable
analysis
with acid alongside with the snort alerts. 
Can anybody help here.

Thanks a lot

Marc

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users