September 27th, 2003, 19:23
Would anybody happen to know how to get snort to keep a record in a file of just the ip's it records?

September 30th, 2003, 15:31
You should be able to just write a little script to pull the necessary info out of it. That's the way I's approach it. I also setup snort to log syslog which just keeps a record of the IP and the rule tripped.

September 30th, 2003, 16:23
forgot to update this..

i compiled snort for mysql support so i did end up writing a script to pull the ip's outta the table to a file..