I've been playing with Snort on my server over the past week. The downside is that I can't really tell how well it's working because my IPCop firewall is blocking everything. This is a good thing! But, I'd like to try running SnortSnarf to report the attacks on my system. I just tried to export the intrusion detection logs from IPCop, but I don't think they export to a format compatible with snort.
So, I'm looking for ideas on how to get the snort log files on the IPCop box moved to my server automatically (and periodically through cron), so I can run SnortSnarf against them. The server doesn't have FTP configured, nor does the IPCop firewall. Both have SSH configured, but I haven't been too successful at doing an ssh session to the firewall from the server (just tried, with port 22 and 222). Any thoughts or suggestions? Thanks. Shawn
