A Simple Snort Alert Parser
Sep 27, 2010, 19:04
[ Thanks to J Fink for this link. ]
"Snort Intrusion Detection Software (IDS) is a great out-of-the-box, easy-to-use system to monitor a network for possible threats. While there are many ways to receive alerts, one very simple approach is to periodically parse the alert log and simply mail alerts to whom it may concern. In this text is a simple example of parsing a Snort alert log using Perl. Note that this alerter could probably be used for other loggers, and there exist other tools, like Splunk, which might be more suited for larger installations. The thesis of this text is to show how a relatively useful utility can be quickly hacked together to provide an elegant solution.
"Since this text has the time to think logically (the author didn't), here is some pseudocode that expresses the idea of how this particular parser will work. For the time being the script is interested in priority 1 and priority 2 alerts:"
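The idea the excerpt describes, as an added example that is not the blog author's Perl script: parse Snort's one-line-per-alert "alert_fast" output, keep only priority 1 and 2 alerts, and turn them into a mail message. The log lines, rule SIDs and messages below are constructed for illustration (local SIDs in the 1000000+ range), the sender and recipient addresses are placeholders, and `read_new_text` is an added helper for the "periodically parse" part: it remembers a byte offset between runs and starts over when the file shrank, which is what happens after log rotation and would otherwise silently drop alerts.

```python
"""Parse Snort alert_fast lines and build a mail report for high-priority alerts.

Added example, not the original Perl code. Sample log lines, SIDs and rule
messages are constructed; mail addresses are placeholders.
"""
import re
from dataclasses import dataclass
from email.message import EmailMessage
from typing import List, Optional, Tuple

# Constructed sample of Snort "alert_fast" output (one alert per line). The
# fourth line is deliberately not an alert, to show that junk is skipped, and
# the last line has no [Classification: ...] field, which Snort omits for rules
# without a classtype.
SAMPLE_ALERT_LOG = """\
09/27-19:04:11.123456  [**] [1:1000001:3] LOCAL WEB id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:43512
09/27-19:04:12.000001  [**] [1:1000002:1] LOCAL INFO mDNS query seen [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 10.0.0.5:5353 -> 224.0.0.251:5353
09/27-19:05:00.500000  [**] [1:1000003:2] LOCAL TROJAN beacon to known C2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.7:49152 -> 203.0.113.9:443
garbage line that is not an alert and must be skipped
09/27-19:06:30.250000  [**] [1:1000004:1] LOCAL POLICY inbound MySQL from outside [**] [Priority: 2] {TCP} 198.51.100.4:51000 -> 10.0.0.3:3306
"""

# alert_fast layout: timestamp (optionally with /YY year), [**] [gid:sid:rev] msg [**],
# optional classification, priority, optional {PROTO}, then src -> dst.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+"
    r"(?:\{(?P<proto>\w+)\}\s+)?"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: Optional[str]
    src: str
    dst: str


def parse_alert_line(line: str) -> Optional[Alert]:
    """Parse one alert_fast line; return None for anything that is not an alert."""
    m = ALERT_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return Alert(
        timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"], classification=m["classification"], priority=int(m["priority"]),
        proto=m["proto"], src=m["src"], dst=m["dst"],
    )


def parse_alert_log(text: str) -> List[Alert]:
    """Parse a chunk of alert_fast text, silently skipping non-alert lines."""
    return [a for a in (parse_alert_line(l) for l in text.splitlines()) if a is not None]


def select_alerts(alerts: List[Alert], max_priority: int = 2) -> List[Alert]:
    """Keep priority <= max_priority (Snort: 1 is most severe); worst first, then by time."""
    chosen = [a for a in alerts if a.priority <= max_priority]
    chosen.sort(key=lambda a: (a.priority, a.timestamp))
    return chosen


def format_report(alerts: List[Alert]) -> str:
    """One line per alert, suitable as a plain-text mail body."""
    if not alerts:
        return "No alerts at or above the configured priority.\n"
    rows = [
        f"P{a.priority} {a.timestamp} [{a.gid}:{a.sid}:{a.rev}] {a.msg} "
        f"({a.classification or 'unclassified'}) {a.proto or '?'} {a.src} -> {a.dst}"
        for a in alerts
    ]
    return "\n".join(rows) + "\n"


def build_mail(alerts: List[Alert], sender: str, recipient: str, max_priority: int = 2) -> EmailMessage:
    """Build (but do not send) the alert mail; the worst priority goes in the subject."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    worst = min((a.priority for a in alerts), default=None)
    subject = f"[snort] {len(alerts)} alert(s) with priority <= {max_priority}"
    msg["Subject"] = subject + (f", worst P{worst}" if worst is not None else "")
    msg.set_content(format_report(alerts))
    return msg


def read_new_text(path: str, offset: int) -> Tuple[str, int]:
    """Return text appended since `offset` and the new offset for the next run.

    Binary mode so byte offsets are exact. If the file is now smaller than the
    saved offset it was rotated or truncated, so re-read from the start.
    """
    with open(path, "rb") as fh:
        fh.seek(0, 2)
        if fh.tell() < offset:
            offset = 0
        fh.seek(offset)
        data = fh.read()
        return data.decode("utf-8", errors="replace"), fh.tell()


if __name__ == "__main__":
    # For a real deployment: text, offset = read_new_text("/var/log/snort/alert", saved_offset)
    chosen = select_alerts(parse_alert_log(SAMPLE_ALERT_LOG))
    mail = build_mail(chosen, "snort@example.com", "secops@example.com")
    print(mail)  # to send: smtplib.SMTP("localhost").send_message(mail)
```

Run periodically from cron, persisting the offset returned by `read_new_text` between runs; without that, or without the truncation check, a parser that re-reads the whole file either re-mails old alerts or misses the alerts written after rotation.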
Related Stories:
- PacketFence v1.9.1 Released (Sep 23, 2010)
- How To Configure The AIDE File Integrity Scanner For Your Website (Aug 18, 2010)
- MonitoringForge.org Reaches 1,000 Registrants After First Week in Beta (Oct 01, 2009)
- Intrusion Detection With Snort, ACIDBASE, MySQL, And Apache2 On Ubuntu 9.04 (Sep 25, 2009)
- Snort open source IDS turns 10 (Jun 01, 2009)
- Using Snort: Part 1: Installation and Configuration (Jun 10, 2008)
- When Snort is Not Enough (Jun 03, 2008)