Network Security: Detailed info on Re: [Snort-users] IDMEF plugin for snort 2.6?

Subject:	Re: [Snort-users] IDMEF plugin for snort 2.6?
Date:	Mon, 23 Jul 2007 08:42:53 +0200

You could also log your alarms to Prelude-ids, which relies precisely in
IDMEF.

URko

-----Mensaje original-----
De: snort-users-bounces@lists.sourceforge.net [mailto:snort-users-
bounces@lists.sourceforge.net] En nombre de Justin Heath
Enviado el: domingo, 22 de julio de 2007 23:23
Para: Jochen Kaiser
CC: snort-users@lists.sourceforge.net
Asunto: Re: [Snort-users] IDMEF plugin for snort 2.6?

I don't know of anything up to date. However, if I had to do something
similar I would use the unified OR unified2 output and create the
idmef message from there.


Cheers,
Justin

On 7/22/07, Jochen Kaiser <Jochen.Kaiser@rrze.uni-erlangen.de> wrote:

Hi,

I need IDMEF output from snort for a research project.

Since the IDMEF plugin is a diff against 2.4.4 my question: is there

another

plugin or method available from anyone?
Maybe there is a IDMEF proxy which gets a stream of events an

generates

IDMEF messages?

I would like a direct IDMEF output from snort. At the moment I query

the

ACID-SQL-database for certain events and generate an IDMEF message.

Any ideas, hints?

regards,
JK

---------------------------------------------------------------------

----

This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a

browser.

Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-----------------------------------------------------------------------

--
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a

browser.

Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] IDMEF plugin for snort 2.6?, Jochen Kaiser Re: [Snort-users] IDMEF plugin for snort 2.6?, Justin Heath Re: [Snort-users] IDMEF plugin for snort 2.6?, (infor) urko zurutuza <=

Previous by Date:	Re: [Snort-users] IDMEF plugin for snort 2.6?, Justin Heath
Next by Date:	[Snort-users] Snort v2.7.0 improve performance with lowmem search method on pcap file!, rmkml
Previous by Thread:	Re: [Snort-users] IDMEF plugin for snort 2.6?, Justin Heath
Next by Thread:	[Snort-users] Contibue to snort!!, sabrina ykrelef
Indexes:	[Date] [Thread] [Top] [All Lists]