On Oct 15, 2012, Pui Edylie wrote:

> Dear Members,
> 
> I have started using psad with fwsnort and it is awesome!
> 
> I have received alerts but they are not clear to me as they did not
> include the msg: field for the description
> 
> Right now I have to manually open up fwsnort.save to search for
> SID2013222 to figure out what it is.
> 
> Is there any way we could include the info?

psad-2.2.1 is close to being released, and it includes a fix for this
problem by reading Snort rules from any installed fwsnort instance.  If
you want to try a snapshot of the latest code that includes this fix,
here is a link:

http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=psad.git;a=snapshot;h=bd89cfbad0cdc4540f1b983811e40803b8fa29b9;sf=tgz

Thanks,

--Mike


> Thank you!
> 
> =-=-=-=-=-=-=-=-=-=-=-= Mon Oct 15 20:16:52 2012 =-=-=-=-=-=-=-=-=-=-=-=
> 
> 
>          Danger level: [1] (out of 5)
> 
>     Scanned TCP ports: [55016: 3 packets]
>             TCP flags: [ACK: 3 packets]
>        iptables chain: FWSNORT_FORWARD_ESTAB (*prefix "[929] SID2013222 ESTAB"*), 3 packets
>          fwsnort rule: 929
> 
>                Source: xxxxx
>                   DNS: xxxxxx
> 
>           Destination: xxxxx
>                   DNS: [No reverse dns info available]
> 
>    Overall scan start: Mon Oct 15 20:16:16 2012
>    Total email alerts: 7
>    Complete TCP range: [24722-55016]
>       Syslog hostname: bgp2
> 
>          Global stats: chain:   interface:   TCP:   UDP:   ICMP:
>                        FORWARD  bond2        4      0      0
> 
> [+] Whois Information (source IP):
> Unknown AS number or IP network. Please upgrade this program.
> 
> =-=-=-=-=-=-=-=-=-=-=-= Mon Oct 15 20:16:52 2012 =-=-=-=-=-=-=-=-=-=-=-=
> 
> 

> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
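
The manual lookup described in the question (opening fwsnort.save and searching for the SID from the alert's log prefix) can be scripted. This is an added example, not code from psad or fwsnort: it assumes fwsnort rule comments carry semicolon-separated `sid:` and `msg:` fields, and the sample rules and msg text are constructed placeholders.

```python
import re

# Constructed iptables-save style sample. The comment layout ("sid:N; msg:...;")
# is an assumption about fwsnort.save; the msg texts are placeholders.
SAMPLE_SAVE = '''\
*filter
-A FWSNORT_FORWARD_ESTAB -p tcp -m comment --comment "sid:2013222; msg:PLACEHOLDER signature description; rev:1;" -j LOG --log-prefix "[929] SID2013222 ESTAB "
-A FWSNORT_FORWARD_ESTAB -p tcp -m comment --comment "sid:9000001; msg:PLACEHOLDER second rule; rev:1;" -j LOG --log-prefix "[930] SID9000001 ESTAB "
COMMIT
'''

# Alert excerpt as quoted in the thread, mail line wrap included.
SAMPLE_ALERT = '''\
>        iptables chain: FWSNORT_FORWARD_ESTAB (*prefix "[929] SID2013222
> ESTAB"*), 3 packets
>          fwsnort rule: 929
'''

COMMENT_RE = re.compile(r'--comment "([^"]*)"')
PREFIX_RE = re.compile(r'\[(\d+)\]\s+SID(\d+)')

def load_sid_index(save_text):
    """Map SID -> dict of fields parsed from each rule's comment."""
    index = {}
    for line in save_text.splitlines():
        m = COMMENT_RE.search(line)
        if not m:
            continue
        fields = {}
        for part in m.group(1).split(';'):
            key, sep, value = part.strip().partition(':')
            if sep:
                fields[key] = value.strip()
        if 'sid' in fields:
            # Several iptables rules can share one SID; keep the first.
            index.setdefault(fields['sid'], fields)
    return index

def describe_alert(alert_text, index):
    """Return (fwsnort rule number, SID, msg) for each log prefix in an alert."""
    # Drop mail quote markers and collapse wrapped lines before matching.
    flat = ' '.join(alert_text.replace('>', ' ').split())
    return [(int(num), sid, index.get(sid, {}).get('msg', '[no msg found]'))
            for num, sid in PREFIX_RE.findall(flat)]
```
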

