Snort mailing list archives
Re: Snort/Logsnorter/PureSecure Cisco ACL's
From: Dave Lewis <dlewis () dsl-co com>
Date: Fri, 21 Nov 2003 03:04:13 -0500
Agreed, I have a sync issue.. it's not the router that's not sync'd, it's my development box.. all my production boxes have ntp synced actually by the router, and the router has several different ntp sources that it determines best from.

My biggest problem right now is that I can't get it to input into the database. I'm assuming that something has changed since it was written, but so far I haven't found anyone that is successfully using logsnorter for cisco.

snort 2.0.1 and logsnorter... and a cisco box with 12.1 IOS on it. Thus my post.

Dave

At 09:10 AM 11/17/2003, Michael Scheidell wrote:
> At the very least, it means that the clock on the cisco box is not ntp synced, and therefore you cannot trust it: see the *Nov 12 00:09:21? (it's the '*'):
>
> Nov 12 00:11:03 c4700 3062: *Nov 12 00:09:21 EST: %SEC-6-IPACCESSLOGP: list 185 denied tcp XX.XX.XXX.XXX(52076) -> YY.YY.YYY.YYY(135), 2 packets
>
> --
> Michael Scheidell
> SECNAP Network Security
> 561-368-9561 x 1131
> www.secnap.com
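The log line quoted in this thread can be checked mechanically. The following is an added example, not part of either post and not logsnorter's code: it parses a syslog-relayed %SEC-6-IPACCESSLOGP line, reports what the IOS timestamp prefix says about the router clock ('*' not authoritative, '.' authoritative but NTP not currently synced, no prefix authoritative), and computes the gap between the collector's timestamp and the router's. The sample lines, the addresses and the `year` parameter are constructed assumptions, and both timestamps are assumed to be in the same time zone.

```python
import re
from datetime import datetime

# Constructed sample lines modelled on the one quoted in the thread
# (addresses are from the documentation ranges, not from the original post).
SAMPLE = [
    "Nov 12 00:11:03 c4700 3062: *Nov 12 00:09:21 EST: %SEC-6-IPACCESSLOGP: "
    "list 185 denied tcp 192.0.2.10(52076) -> 198.51.100.7(135), 2 packets",
    "Nov 12 00:11:09 c4700 3063: Nov 12 00:11:09 EST: %SEC-6-IPACCESSLOGP: "
    "list 185 denied tcp 192.0.2.10(52077) -> 198.51.100.7(445), 1 packet",
]

# Collector timestamp, host, sequence number, then the router's own timestamp
# with its optional clock-status prefix, then the ACL log message itself.
LINE = re.compile(
    r"^(?P<rx>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<seq>\d+): "
    r"(?P<flag>[*.]?)(?P<dev>\w{3}\s+\d+ \d\d:\d\d:\d\d)(?:\.\d+)?(?: (?P<tz>\w+))?: "
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?$"
)

# Meaning of the character IOS puts in front of its timestamp.
CLOCK = {"*": "not-authoritative",
         ".": "authoritative-ntp-unsynced",
         "": "authoritative"}

def parse(line, year=2003):
    """Return a dict of fields, or None if the line is not an ACL log entry.

    Neither timestamp carries a year, so the caller supplies one (assumption).
    """
    m = LINE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    rx = datetime.strptime(f"{year} {ev['rx']}", "%Y %b %d %H:%M:%S")
    dev = datetime.strptime(f"{year} {ev['dev']}", "%Y %b %d %H:%M:%S")
    ev["clock"] = CLOCK[ev["flag"]]
    # Positive skew: the collector's clock is ahead of the router's.
    ev["skew_s"] = int((rx - dev).total_seconds())
    for key in ("sport", "dport", "count"):
        ev[key] = int(ev[key])
    return ev

if __name__ == "__main__":
    for entry in SAMPLE:
        ev = parse(entry)
        print(ev["host"], ev["clock"], f"skew={ev['skew_s']}s",
              ev["action"], f"{ev['src']}:{ev['sport']} -> {ev['dst']}:{ev['dport']}")
```

The skew only says that the two clocks disagree; the prefix character is what indicates whether the router itself considers its time authoritative.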
Current thread:
- Snort/Logsnorter/PureSecure Cisco ACL's Dave Lewis (Nov 13)
- <Possible follow-ups>
- Re: Snort/Logsnorter/PureSecure Cisco ACL's Michael Scheidell (Nov 17)
- Re: Snort/Logsnorter/PureSecure Cisco ACL's Dave Lewis (Nov 21)
