Snort mailing list archives
Re: Barnyard2 configuration and event generation
From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 19 Dec 2012 13:16:03 -0500
sometimes less is more... why go thru all the twists and turns when it seems that all you want is to list what is in the alert file? the alert file is a plain ascii text file that is easily parsed with perl (or most any other text parsing language or tools)... you can then output whatever you want from there... this is basically what the Guardian Active Response system does... however, its main goal is to manage blocked IPs by adding and removing them from the firewall's iptables and to do it all automatically... if you need some details on parsing the alert file, just ask... it really is very simple...
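As an added illustration of the alert-file parsing the message above refers to (not code from the original post or from Guardian), the sketch below parses one-line alerts and counts them per source address. It assumes the file is written in Snort's one-line "fast" alert format and uses Python rather than Perl; the function names, field names and sample lines are constructed for this example.

```python
import re
from collections import Counter

# Assumed layout of one line (Snort "fast" alert output):
# MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"   # optional field
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?"           # optional field
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)

def parse_alert(line):
    """Return a dict for one alert line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec

def parse_alerts(lines):
    """Split input into parsed records and lines that could not be parsed."""
    good, bad = [], []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_alert(line)
        (good if rec else bad).append(rec or line)
    return good, bad

def alerts_per_source(records):
    """Count alerts by source IP, the figure a blocking tool would act on."""
    return Counter(r["src"] for r in records)

# Constructed sample input (documentation addresses, local-range SIDs).
SAMPLE = """\
12/19-13:16:03.123456  [**] [1:1000001:1] constructed test rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:51515 -> 198.51.100.5:80
12/19-13:16:04.000001  [**] [1:1000002:2] constructed test rule B [**] [Priority: 2] {ICMP} 192.0.2.10 -> 198.51.100.5
12/19-13:16:05.500000  [**] [1:1000001:1] constructed test rule A [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.0.2.77:53 -> 198.51.100.5:40000
this line is truncated [**]
"""

if __name__ == "__main__":
    records, rejected = parse_alerts(SAMPLE.splitlines())
    print(alerts_per_source(records).most_common(), len(rejected))
```

Lines that do not match are returned separately rather than dropped, so a truncated or differently formatted alert file shows up as rejected lines instead of as missing alerts.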