[Snort-users] [OT] - Mysql logging, iptables, snort and you...
From: Bob McDowell <bmcdowell(at)coxhealthplans.com>
Date: Wed Feb 12 2003 - 19:46:15 EST

In short: If anyone is as crazy as I am and would benefit from my recent breakthrough, send me a note and I'll share with you my findings. Sorry this is not strictly a snort issue, but it is somewhat related.

Long story: I'm currently forwarding my syslogs from all of my snort boxes, firewalls, Windows servers, etc. to a single mysql database. I've been struggling with getting anything useful out of it (a report would be nice) and have been afraid to get some sort of tool because of the disparity between entries in the 'message' field.

This afternoon I finally plodded my way through getting mysql to 'read' the 'message' field out of syslog and split the pertinent data into the correct fields. Iptables works great and tomorrow I'll be adding snort, ISA, etc. If anyone is interested, please drop me a line and I'll send you the sql script I use to do it (or what I have so far for iptables at least).

Bob McDowell

Received on Wed Feb 12 19:53:27 2003
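
Added example, not part of the original post and not Bob McDowell's script: one way to have MySQL split the iptables LOG text in a syslog `message` column into separate fields, as the post describes. The table and column names and the sample rows are constructed assumptions, and the stored message is assumed to keep its `kernel:` tag.

```sql
-- Added illustration: schema, names and sample rows are constructed, not the author's.
CREATE TABLE syslog_raw (
  id        INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  host      VARCHAR(64) NOT NULL,
  logged_at DATETIME    NOT NULL,
  message   TEXT        NOT NULL
);

CREATE TABLE fw_event (
  raw_id INT UNSIGNED PRIMARY KEY,  -- syslog_raw.id of the source line
  in_if  VARCHAR(16),               -- NULL when IN= is empty (locally generated packet)
  src    VARCHAR(15),
  dst    VARCHAR(15),
  proto  VARCHAR(8),
  spt    SMALLINT UNSIGNED,         -- NULL for protocols without ports (ICMP)
  dpt    SMALLINT UNSIGNED
);

-- Constructed sample input: a TCP drop, an ICMP echo, and a non-firewall line.
INSERT INTO syslog_raw (host, logged_at, message) VALUES
 ('fw1',  '2003-02-12 19:40:01', 'kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'),
 ('fw1',  '2003-02-12 19:40:07', 'kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.77 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1'),
 ('web1', '2003-02-12 19:41:30', 'sshd[311]: Accepted password for bob from 192.0.2.10 port 40112 ssh2');

-- For each key, take the text after the first ' KEY=' and cut it at the next space.
-- The WHERE clause selects only lines carrying the iptables LOG fields in their
-- usual order, so other syslog sources (the sshd line) are left for their own parsers.
INSERT INTO fw_event (raw_id, in_if, src, dst, proto, spt, dpt)
SELECT id,
  NULLIF(SUBSTRING_INDEX(SUBSTRING(message, LOCATE(' IN=', message) + 4), ' ', 1), ''),
  SUBSTRING_INDEX(SUBSTRING(message, LOCATE(' SRC=', message) + 5), ' ', 1),
  SUBSTRING_INDEX(SUBSTRING(message, LOCATE(' DST=', message) + 5), ' ', 1),
  SUBSTRING_INDEX(SUBSTRING(message, LOCATE(' PROTO=', message) + 7), ' ', 1),
  IF(LOCATE(' SPT=', message) > 0,
     SUBSTRING_INDEX(SUBSTRING(message, LOCATE(' SPT=', message) + 5), ' ', 1), NULL),
  IF(LOCATE(' DPT=', message) > 0,
     SUBSTRING_INDEX(SUBSTRING(message, LOCATE(' DPT=', message) + 5), ' ', 1), NULL)
FROM syslog_raw
WHERE message LIKE '% IN=% SRC=% DST=% PROTO=%';

-- A first report once the fields are columns: which ports are being hit.
SELECT proto, dpt, COUNT(*) AS hits
FROM fw_event GROUP BY proto, dpt ORDER BY hits DESC;
```

ICMP error lines repeat `SRC=`, `DST=` and port keys for the embedded packet inside square brackets; because the first occurrence is taken, `src` and `dst` stay those of the outer packet, while `spt`/`dpt` on such a line would come from the embedded header.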