[Logwatch] Filter for processing syslog output from SNORT.

Mike Tremaine mgt at stellarcore.net
Wed Dec 15 08:56:18 MST 2004

On Tue, 2004-12-14 at 16:21, Basselgia, Barry A Mr (NAF Atsugi) wrote:
> I've been looking for a logwatch filter that will process info from SNORT.  
> I asked on the SNORT mailing list and no one seems to know of one.  They
> suggested asking here.
> Does anyone have a filter for processing SNORT log entries?

Not that I've heard of.... I've always done my snort reporting outside
of logwatch. I'm sure you've seen this but
http://www.snort.org/dl/contrib/data_analysis/ has all the user built
reporting tools. I used snort_stat.pl to build my own snort reporting
tool. [Mostly because it was simple enough to start with and I could
read it.] I keep meaning to release my "ids_reports" tools but never
seem to have the time to get it out the door.

> In the meantime, I've started working on writing my own filter for SNORT.
> If I get this working is there a policy/procedure I need to follow to make
> the filter available for others to use?


> Thanks,
> Barry
Mike Tremaine
mgt at stellarcore.net
