[prads-users] [Snort-users] HTTP port statistics
Edward Bjarte Fjellskål
edward.fjellskal at redpill-linpro.com
Tue Apr 6 18:44:14 CEST 2010
Jefferson, Shawn wrote:
> Hi Edward,
>
> Thanks! After doing that, the perl script to turn it into a host attribute table can take the two asset logs and create one XML file, or should one append the two asset logs together first?

You should probably have one prads-asset.log for each network, and apply
that to the corresponding snort instance?

Or, if you want to use one merged prads-asset.log (and the same)
for both snort instances, you can

$ cat prads-asset-1.log >> merged-prads-asset.log
$ cat prads-asset-2.log >> merged-prads-asset.log

and use prads2snort.pl on merged-prads-asset.log

If you have tested prads and prads2snort.pl, I would appreciate
it if you could do some random checks, to see if the OS really
matches etc.

Any feedback, good or bad, is welcome :)

Regards,
Edward