-----Original Message-----
From: Kamal Ahmed
Sent: Fri 9/24/2004 11:26 AM
To: 'snort-users@lists.sourceforge.net'
Subject: Perl script that Generates Snort Raw Events
Hi,
I would like to know if there is a Perl script that Generates Snort Raw Events,
e.g. :
Full Format:
07/16/-2-08:06:26.464649 [**] [1:716:5] TELNET access [**] [Classification:
Not Suspicious Traffic] [Priority: 3] {TCP} 172.16.112.50:23 ->
135.13.216.191:1026
07/16/-2-08:23:39.630057 [**] [1:716:5] TELNET access [**] [Classification:
Not Suspicious Traffic] [Priority: 3] {TCP} 172.16.112.50:23 ->
135.13.216.191:1588
07/16/-2-08:34:18.399673 [**] [117:1:1] (spp_portscan2) Portscan detected from
195.73.151.50: 6 targets 6 ports in 19 seconds [**] {TCP} 195.73.151.50:2111 ->
172.16.113.105:25
Fast Format:
06/01/-2-08:04:50.992467 [**] [117:1:1] (spp_portscan2) Portscan detected from
172.16.114.148: 1 targets 21 ports in 14 seconds [**] {TCP} 172.16.114.148:20
-> 194.7.248.153:1812
06/01/-2-08:05:07.895030 [**] [1:716:5] TELNET access [**] [Classification:
Not Suspicious Traffic] [Priority: 3] {TCP} 172.16.112.50:23 ->
135.8.60.182:1941
06/01/-2-08:06:48.768633 [**] [117:1:1] (spp_portscan2) Portscan detected from
197.218.177.69: 1 targets 21 ports in 12 seconds [**] {TCP} 197.218.177.69:20
-> 172.16.113.204:1306
06/01/-2-08:07:13.845382 [**] [1:716:5] TELNET access [**] [Classification:
Not Suspicious Traffic] [Priority: 3] {TCP} 172.16.112.50:23 ->
135.8.60.182:2064
06/01/-2-08:16:27.920109 [**] [117:1:1] (spp_portscan2) Portscan detected from
135.8.60.182: 6 targets 6 ports in 5 seconds [**] {TCP} 135.8.60.182:2120 ->
172.16.114.168:25
06/01/-2-08:21:44.335582 [**] [117:1:1] (spp_portscan2) Portscan detected from
135.13.216.191: 6 targets 7 ports in 6 seconds [**] {TCP} 135.13.216.191:2186
-> 172.16.114.169:25
As well as Syslog Format ( I do not have any example)
I would appreciate any info/help.
Thanks,
-Kamal.
