On Thursday 09 August 2001 09:28 pm, tcleary2at_private wrote:

Yes, and IDMEF, IAP, etc. Snort supports IDMEF XML output through one of the plugins that it ships with.

But what about the syslog lines from snort, iptables, ipchains? Not only reporting the attacks themselves, but reporting statistics on them. Which hosts did this attack? What else did host 'a' attempt to do? Were there any snort attack signatures detected that go with this iptables log message? What were they? See what I'm getting at?

Hopefully those transportable Alerting Protocols will take off; they show great signs of being great if used properly.

RH

> Maybe this is the wrong place to say this, but there is an effort afoot to
> standardise the output of IDS logs to make them more "transportable" (the IDWG,
> a sub-committee of IETF - I believe the proposal is trundling along the road
> to RFC-dom as we speak)
>
> Presumably if Suppliers were to embrace this initiative, we might all have
> our lives eased.
>
> I'll try to resurrect some of the old emails and post them to the list if
> that's a good idea?
>
> Regards,
>
> tom.

--
==============================================
Ryan Hilton
Uber-Geeks.net
ryanhat_private
http://www.uber-geeks.net
"No answer is also an answer"
==============================================
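The kind of cross-source correlation the message above asks for (which snort signatures go with a given iptables log line, and per-host statistics across both), as an added example that is not part of the original message nor of the snort or iptables projects. The syslog lines are constructed and abbreviated (real iptables lines carry more fields, and snort's syslog alert format is the one its syslog output module emits); the year 2001, the host names "fw" and "ids", and the 60-second correlation window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (not from the original message). The
# iptables fields are abbreviated; the snort lines follow its syslog format:
#   [gid:sid:rev] msg [Classification: ...] [Priority: n] {proto} src:port -> dst:port
SAMPLE_LOG = """\
Aug  9 21:27:58 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=4021 DPT=80 SYN
Aug  9 21:28:01 ids snort[812]: [1:1002:5] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:4021 -> 198.51.100.5:80
Aug  9 21:28:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=4022 DPT=22 SYN
Aug  9 21:30:15 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=33000 DPT=139 SYN
Aug  9 21:45:00 ids snort[812]: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.77 -> 198.51.100.5
"""

ASSUMED_YEAR = 2001  # syslog timestamps carry no year; assumed here

SYSLOG_RE = re.compile(r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$')
IPT_RE = re.compile(r'kernel: .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+).*?PROTO=(?P<proto>\w+)'
                    r'(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?')
SNORT_RE = re.compile(r'snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?)'
                      r'(?: \[Classification: (?P<cls>[^\]]*)\])?(?: \[Priority: (?P<pri>\d+)\])?'
                      r' \{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<spt>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dpt>\d+))?')


def parse_syslog(text):
    """Turn iptables and snort syslog lines into a common event list; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        rest = m['rest']
        ipt = IPT_RE.search(rest)
        if ipt:
            events.append({"kind": "iptables", "time": when, "src": ipt['src'], "dst": ipt['dst'],
                           "proto": ipt['proto'], "dpt": int(ipt['dpt']) if ipt['dpt'] else None,
                           "sig": None, "line": line})
            continue
        sn = SNORT_RE.search(rest)
        if sn:
            events.append({"kind": "snort", "time": when, "src": sn['src'], "dst": sn['dst'],
                           "proto": sn['proto'], "dpt": int(sn['dpt']) if sn['dpt'] else None,
                           "sig": sn['msg'], "sid": int(sn['sid']), "line": line})
    return events


def correlate(events, window=60):
    """For each iptables line, the snort alerts from the same SRC within +/- window seconds."""
    alerts = [e for e in events if e["kind"] == "snort"]
    pairs = []
    for e in events:
        if e["kind"] != "iptables":
            continue
        matches = [a for a in alerts
                   if a["src"] == e["src"] and abs((a["time"] - e["time"]).total_seconds()) <= window]
        pairs.append((e, matches))
    return pairs


def summarize_by_source(events):
    """Per attacking host: how many lines the firewall logged, which ports it went for,
    and which snort signatures fired for it."""
    stats = defaultdict(lambda: {"blocked": 0, "ports": set(), "signatures": set()})
    for e in events:
        s = stats[e["src"]]
        if e["kind"] == "iptables":
            s["blocked"] += 1
            if e["dpt"] is not None:
                s["ports"].add(e["dpt"])
        else:
            s["signatures"].add(e["sig"])
    return dict(stats)


if __name__ == "__main__":
    evs = parse_syslog(SAMPLE_LOG)
    for fw_event, hits in correlate(evs):
        print(fw_event["src"], "->", fw_event["dst"], "dpt", fw_event["dpt"],
              "| snort:", [h["sig"] for h in hits] or "none")
    for src, s in summarize_by_source(evs).items():
        print(src, s["blocked"], "blocked,", sorted(s["ports"]), sorted(s["signatures"]))
```

Both sides are reduced to the same shape (time, source, destination, port, signature) before correlating, which is the practical substitute for a shared alert format when the inputs are plain syslog; widening the window or keying on destination as well are the usual next steps.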
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 22:28:16 PDT