This is a bit off-topic, but have you looked at securityfocus.net's (Calgary-based company) DeepSight Analyzer? It's a free service that accepts log files from many different programs (snort being one), analyzes them and collates the results with the rest of the world, emails formatted results to you, etc. The URI is http://analyzer.securityfocus.com/ and the extractor can be downloaded from http://analyzer.symantec.com/Download.asp (you need to set up an account). Just thought I'd mention it here if anyone wants to give it a try.
Jacob

> I've been playing with Snort on my server over the past week. The downside
> is that I can't really tell how well it's working because my IPCop firewall
> is blocking everything. This is a good thing! But, I'd like to try running
> SnortSnarf to report the attacks on my system. I just tried to export the
> intrusion detection logs from IPCop, but I don't think they export to a
> format compatible with snort.
>
> So, I'm looking for ideas on how to get the snort log files on the IPCop box
> moved to my server automatically (and periodically through cron), so I can
> run SnortSnarf against them. The server doesn't have FTP configured, nor
> does the IPCop firewall. Both have SSH configured, but I haven't been too
> successful at doing an ssh session to the firewall from the server (just
> tried, with port 22 and 222).
>
> Any thoughts or suggestions? Thanks.
>
> Shawn
