Linux Today: Linux News On Internet Time.
A Simple Snort Alert Parser

Sep 27, 2010, 19:04

[ Thanks to J Fink for this link. ]

"Snort Intrusion Detection Software (IDS) is a great out-of-the-box, easy-to-use system to monitor a network for possible threats. While there are many ways to receive alerts, one very simple approach is to periodically parse the alert log and simply mail alerts to whom it may concern. In this text is a simple example of parsing a Snort alert log using Perl. Note this alerter could probably be used for other loggers, and there exist other tools, like Splunk, which might be more suited to larger installations. The thesis of this text is to show how a relatively useful utility can be quickly hacked together to provide an elegant solution.

"Since this text has the time to think logically (the author didn't), here is some pseudocode that expresses the idea of how this particular parser will work. For the time being the script is interested in priority 1 and priority 2 alerts:"
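The pseudocode itself is in the linked article. As an added illustration of the approach it describes (not the article's own Perl script), the following Python parses Snort's full-alert-mode `alert` file, keeps only priority 1 and 2 records, and builds a mail digest. It also covers two things a periodic parser has to get right that the summary does not spell out: remembering how far it has read so the same alerts are not mailed twice, and not choking on a record Snort is still writing. The sample log, the rule SIDs in it, the addresses (RFC 5737 ranges) and the mail addresses are constructed for the example.

```python
import re
from dataclasses import dataclass
from email.message import EmailMessage
from pathlib import Path
from typing import List, Optional

# Constructed sample of Snort's "alert" file in full-alert mode (not a real
# capture). Each record is terminated by a blank line.
SAMPLE_ALERT_LOG = """\
[**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
09/27-19:04:01.123456 192.0.2.10:80 -> 198.51.100.5:51234
TCP TTL:64 TOS:0x0 ID:12345 IpLen:20 DgmLen:1500 DF

[**] [1:1000001:1] LOCAL Inbound SSH brute force [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
09/27-19:05:12.000001 203.0.113.7:40022 -> 198.51.100.5:22
TCP TTL:52 TOS:0x0 ID:999 IpLen:20 DgmLen:60 DF

[**] [1:384:5] ICMP PING [**]
[Classification: Misc activity] [Priority: 3]
09/27-19:05:30.500000 198.51.100.9 -> 198.51.100.5
ICMP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:84

"""

HEADER_RE = re.compile(r"\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]")
# Rules without a classtype print only "[Priority: N]", so the class part is optional.
CLASS_RE = re.compile(r"(?:\[Classification: (.*?)\] )?\[Priority: (\d+)\]")
# Timestamp (optionally with a year, snort -y) then "src[:port] -> dst[:port]".
FLOW_RE = re.compile(
    r"^(\d\d/\d\d(?:/\d{2,4})?-\d\d:\d\d:\d\d\.\d+)\s+(\S+) -> (\S+)\s*$", re.M)
PROTO_RE = re.compile(r"^(TCP|UDP|ICMP|IP) TTL:", re.M)


@dataclass
class Alert:
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    timestamp: str
    src: str
    dst: str
    proto: str

    def summary(self) -> str:
        return (f"[P{self.priority}] {self.timestamp} {self.proto} {self.src} -> "
                f"{self.dst} [{self.gid}:{self.sid}:{self.rev}] {self.msg} ({self.classification})")


def parse_record(block: str) -> Optional[Alert]:
    """One blank-line-delimited record -> Alert, or None when the header or
    priority line is missing (half-written record, or output of another logger)."""
    h, c = HEADER_RE.search(block), CLASS_RE.search(block)
    if not (h and c):
        return None
    f, p = FLOW_RE.search(block), PROTO_RE.search(block)
    ts, src, dst = f.groups() if f else ("?", "?", "?")
    return Alert(int(h[1]), int(h[2]), int(h[3]), h[4], c[1] or "unclassified",
                 int(c[2]), ts, src, dst, p[1] if p else "?")


def parse_alerts(text: str, max_priority: int = 2) -> List[Alert]:
    """Snort priority 1 is the most severe, so 'priority 1 and 2' means <= 2."""
    alerts = (parse_record(b) for b in re.split(r"\n\s*\n", text.strip()))
    return [a for a in alerts if a and a.priority <= max_priority]


def read_new(log: Path, state: Path) -> str:
    """Return the complete records appended since the last run, persisting the
    byte offset in `state`. A shrunken log (logrotate) restarts at 0; a trailing
    half-written record is left for the next run rather than parsed or skipped."""
    offset = int(state.read_text()) if state.exists() else 0
    if offset > log.stat().st_size:
        offset = 0
    with log.open("rb") as fh:
        fh.seek(offset)
        data = fh.read()
    cut = data.rfind(b"\n\n")          # end of the last complete record
    if cut < 0:
        return ""
    data = data[:cut + 2]
    state.write_text(str(offset + len(data)))
    return data.decode("utf-8", errors="replace")


def build_digest(alerts: List[Alert], sender: str, rcpt: str) -> EmailMessage:
    """Plain-text digest; hand it to smtplib.SMTP(...).send_message() to deliver."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"Snort: {len(alerts)} high-priority alert(s)"
    msg.set_content("\n".join(a.summary() for a in alerts) + "\n")
    return msg


if __name__ == "__main__":   # the priority 3 ICMP PING record is dropped
    print(build_digest(parse_alerts(SAMPLE_ALERT_LOG), "snort@example.org", "secops@example.org"))
```

Run from cron, the script would call `read_new(Path("/var/log/snort/alert"), Path("/var/lib/snort-alerter/offset"))` (hypothetical paths) and mail the digest only when the returned list is non-empty; because the offset is advanced only past the last blank-line terminator, an alert Snort is in the middle of writing is picked up whole on the next run instead of being mangled or lost.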
