been playing with this a little, and was able to get an SSH connection to the firewall from my server (helps if I use the correct syntax, AND port number at the same time). So, I was then looking at using SCP to grab the files in question. I guess I don't know enough about SCP, and the man page wasn't too clear either. Here are the commands I entered:

scp -P 222 [EMAIL PROTECTED]:/var/log/snort/alert     #alert is a file
scp -P 222 [EMAIL PROTECTED]:/var/log/snort/*

In both cases I get prompted with the correct usage for SCP. But I thought this was correct usage (based on the usage prompt)....

Any suggestions are appreciated.

Thanks.

Shawn

-----Original Message-----
From: Shawn [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 02, 2003 2:21 PM
To: CLUG (E-mail)
Subject: (clug-talk) SnortSnarf for IPCop on a different computer?

I've been playing with Snort on my server over the past week. The downside is that I can't really tell how well it's working because my IPCop firewall is blocking everything. This is a good thing! But, I'd like to try running SnortSnarf to report the attacks on my system.

I just tried to export the intrusion detection logs from IPCop, but I don't think they export to a format compatible with snort. So, I'm looking for ideas on how to get the snort log files on the IPCop box moved to my server automatically (and periodically through cron), so I can run SnortSnarf against them.

The server doesn't have FTP configured, nor does the IPCop firewall. Both have SSH configured, but I haven't been too successful at doing an ssh session to the firewall from the server (just tried, with port 22 and 222).

Any thoughts or suggestions?

Thanks.

Shawn
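
Added example, not part of either message: both scp commands above name a source but no destination, which is why scp prints its usage text. The sketch below supplies the local destination and the options an unattended cron pull needs; the login, host name, key path, local directory and script path are placeholder assumptions, and SCP_BIN exists only so the command can be swapped out when testing.

```shell
#!/bin/sh
# Added example: pull the Snort logs from the firewall over scp, suitable for cron.
# Every default below except the port and remote path is a placeholder assumption.
FW_USER="${FW_USER:-root}"                      # assumed login on the firewall
FW_HOST="${FW_HOST:-ipcop.example.lan}"         # placeholder host name
FW_PORT="${FW_PORT:-222}"                       # port used in the message
REMOTE_GLOB="${REMOTE_GLOB:-/var/log/snort/*}"  # remote path from the message
DEST="${DEST:-/var/tmp/ipcop-snort}"            # assumed local directory
KEY="${KEY:-$HOME/.ssh/ipcop_logpull}"          # assumed dedicated key, no passphrase
SCP_BIN="${SCP_BIN:-scp}"

pull_snort_logs() {
    # Logs can hold internal addresses and payload excerpts: owner-only directory.
    (umask 077 && mkdir -p "$DEST") || return 1

    # scp takes a source AND a destination; the trailing "$DEST/" is the operand
    # missing from the two commands in the message.
    # The quoted variable keeps the local shell from expanding the '*', so the
    # pattern is matched against the firewall's files, not the server's.
    # BatchMode makes the job fail instead of waiting on a password prompt;
    # StrictHostKeyChecking=yes refuses a host whose key is unknown or changed,
    # so the host key must be accepted once by hand before the first cron run.
    "$SCP_BIN" -q -p -P "$FW_PORT" -i "$KEY" \
        -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "${FW_USER}@${FW_HOST}:${REMOTE_GLOB}" "$DEST/"
}

# Hypothetical crontab entry, hourly at minute 15:
#   15 * * * * /usr/local/bin/pull-snort-logs.sh run
if [ "${1:-}" = "run" ]; then
    pull_snort_logs
fi
```

On the firewall side, the key used for this job can be limited in authorized_keys with a from="..." option naming the server's address.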
