[Logwatch] Filter for processing syslog output from SNORT.

Mike Tremaine mgt at stellarcore.net
Wed Dec 15 08:56:18 MST 2004


On Tue, 2004-12-14 at 16:21, Basselgia, Barry A Mr (NAF Atsugi) wrote:
> I've been looking for a logwatch filter that will process info from SNORT.  
> 
> I asked on the SNORT mailing list and no one seems to know of one.  They
> suggested asking here.
> 
> Does anyone have a filter for processing SNORT log entries?

Not that I've heard of.... I've always done my snort reporting outside
of logwatch. I'm sure you've seen this but
http://www.snort.org/dl/contrib/data_analysis/ has all the user built
reporting tools. I used snort_stat.pl to build my own snort reporting
tool. [Mostly because it was simple enough to start with and I could
read it.] I keep meaning to release my "ids_reports" tools but never
seem to have the time to get it out the door.

> 
> In the meantime, I've started working on writing my own filter for SNORT.
> If I get this working is there a policy/procedure I need to follow to make
> the filter available for others to use?
> 

http://www2.logwatch.org:81/tabs/docs/HOWTO-Make-Filter.html


> Thanks,
> Barry
> 
> _______________________________________________
> Logwatch mailing list
> Logwatch at logwatch.org
> http://www2.list.logwatch.org:81/lists/listinfo/logwatch
-- 
Mike Tremaine
mgt at stellarcore.net
http://www.stellarcore.net


