Snort mailing list archives
Re: Snort & Prelude
From: Krzysztof Zaraska <kzaraska () student uci agh edu pl>
Date: Sun, 2 Jun 2002 15:44:20 +0200
On 31 May 2002 16:32:45 +0200 counter.spy () gmx de wrote:
> Hi folks, on focus-ids () securityfocus com a special mail caught my eye, regarding the Prelude IDS. Has anybody already implemented a multi-tiered, distributed IDS infrastructure combining Snort and Prelude?

I am not aware of any working implementation of such a system; however, this is technically possible. Some time ago I was experimenting with combining Snort and Prelude and achieved some success.

Basically, the concept is to write a logging module for Snort which communicates with Prelude, sending it alerts in its format. Once the alert is injected into Prelude's messaging system, it will be processed like alerts generated natively by Prelude, so no further modifications are necessary.

Unfortunately, due to the lack of free time I was unable to fully implement all needed features, but the code I currently have can be viewed as a proof-of-concept. Please mail me privately if you want more information.

Regards,
Krzysztof

--
// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
// -- Stanislaw Lem