Comments on TaoSecurity Blog: New Honeynet Project Challenge
Blog author: Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)
Comment feed last updated 2023-10-16T06:06:25.012-04:00; 2 comments.

Anonymous, 2005-04-18T22:56:00.000-04:00:

Richard:

You might want to try using SEC (Simple Event Correlator) for this log parsing task. One of my colleagues used this tool for a similar situation (during our SANS GIAC course, to parse all the Snort logs they distribute). Worked great!

SEC: http://kodu.neti.ee/~risto/sec/

Here's a great write-up by Jim Brown on using SEC: http://sixshooter.v6.thrupoint.net/SEC-examples/article.html

And Chris's posted practical, if you'd like to see how he used it to parse his Snort logs:

http://www.giac.org/certified_professionals/practicals/gcia/0650.php

Richard Bejtlich (https://www.blogger.com/profile/13512184196416665417), 2005-04-19T16:42:00.000-04:00:

ACK, thank you.
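The Anonymous comment recommends SEC for parsing and correlating Snort alert logs. As an added example (not code from the post, the commenter, or the SEC project), the Python below does offline what the most common SEC rule for this job does: it parses Snort fast-format alert lines and applies a threshold rule of the kind SEC's SingleWithThreshold type expresses with its window and thresh parameters, so that five alerts with the same signature, source and destination inside 60 seconds produce one correlated event rather than five raw lines. The alert lines, signature IDs, messages and addresses are constructed for this example; the year passed to the parser is an assumption, since Snort fast alerts carry none.

```python
# Added example: threshold correlation over Snort fast-format alert lines.
# Not code from the TaoSecurity post, the commenter, or SEC itself; it mirrors
# the SEC SingleWithThreshold idea in plain Python on a constructed sample.
import re
from datetime import datetime

# Snort alert_fast line layout, e.g.
#   04/18-22:56:00.000001  [**] [1:1000001:1] EXAMPLE SCAN SSH probe [**]
#   [Priority: 2] {TCP} 192.0.2.10:40001 -> 198.51.100.5:22
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::\d+)?\s*$"
)


def parse_alert(line, year=2005):
    """Return the alert fields as a dict, or None if the line is not an alert.

    Fast alerts have no year, so the caller supplies one (assumption: the
    whole log was written within a single year).
    """
    m = ALERT_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year}/{m.group('ts')}", "%Y/%m/%d-%H:%M:%S.%f")
    return {"ts": ts, "sid": m.group("sid"), "msg": m.group("msg"),
            "proto": m.group("proto"), "src": m.group("src"), "dst": m.group("dst")}


class ThresholdCorrelator:
    """Fire once per key when `thresh` alerts arrive within `window` seconds.

    Like SEC's SingleWithThreshold: the window opens on the first match for a
    key, the action runs when the count reaches the threshold, later matches in
    the same window are absorbed silently, and counting restarts after expiry.
    """

    def __init__(self, window, thresh):
        self.window = window
        self.thresh = thresh
        self.state = {}  # key -> {"start": datetime, "count": int, "fired": bool}

    def feed(self, alert):
        key = (alert["sid"], alert["src"], alert["dst"])
        st = self.state.get(key)
        if st is None or (alert["ts"] - st["start"]).total_seconds() > self.window:
            st = {"start": alert["ts"], "count": 0, "fired": False}
            self.state[key] = st
        st["count"] += 1
        if st["count"] >= self.thresh and not st["fired"]:
            st["fired"] = True
            return {"sid": alert["sid"], "msg": alert["msg"], "src": alert["src"],
                    "dst": alert["dst"], "count": st["count"],
                    "first": st["start"], "last": alert["ts"]}
        return None


def correlate(lines, window=60, thresh=5):
    """Feed alert lines through the correlator; return (events, unparsed_count)."""
    corr = ThresholdCorrelator(window, thresh)
    events, unparsed = [], 0
    for line in lines:
        if not line.strip():
            continue
        alert = parse_alert(line)
        if alert is None:
            unparsed += 1  # count, never silently drop: unparsed lines hide problems
            continue
        event = corr.feed(alert)
        if event is not None:
            events.append(event)
    return events, unparsed


# Constructed sample: six SSH probes from one host within 25 seconds, one stray
# web alert, one junk line, and a late probe that lands in a fresh window.
SAMPLE_ALERTS = """\
04/18-22:56:00.000001  [**] [1:1000001:1] EXAMPLE SCAN SSH probe [**] [Priority: 2] {TCP} 192.0.2.10:40001 -> 198.51.100.5:22
04/18-22:56:03.000002  [**] [1:1000001:1] EXAMPLE SCAN SSH probe [**] [Priority: 2] {TCP} 192.0.2.10:40002 -> 198.51.100.5:22
04/18-22:56:05.000003  [**] [1:1000002:1] EXAMPLE WEB cmd.exe access [**] [Priority: 1] {TCP} 192.0.2.77:51000 -> 198.51.100.8:80
04/18-22:56:07.000004  [**] [1:1000001:1] EXAMPLE SCAN SSH probe [**] [Priority: 2] {TCP} 192.0.2.10:40003 -> 198.51.100.5:22
this line is not a snort alert
04/18-22:56:12.000005  [**] [1:1000001:1] EXAMPLE SCAN SSH probe [**] [Priority: 2] {TCP} 192.0.2.10:40004 -> 198.51.100.5:22
04/18-22:56:20.000006  [**] [1:1000001:1] EXAMPLE SCAN SSH probe [**] [Priority: 2] {TCP} 192.0.2.10:40005 -> 198.51.100.5:22
04/18-22:56:25.000007  [**] [1:1000001:1] EXAMPLE SCAN SSH probe [**] [Priority: 2] {TCP} 192.0.2.10:40006 -> 198.51.100.5:22
04/18-23:05:00.000008  [**] [1:1000001:1] EXAMPLE SCAN SSH probe [**] [Priority: 2] {TCP} 192.0.2.10:40007 -> 198.51.100.5:22
"""

if __name__ == "__main__":
    found, bad = correlate(SAMPLE_ALERTS.splitlines())
    for ev in found:
        print(f"{ev['count']}x {ev['msg']} ({ev['sid']}) {ev['src']} -> {ev['dst']} "
              f"between {ev['first'].time()} and {ev['last'].time()}")
    print(f"{bad} line(s) did not parse")
```

On the sample, the SSH probes fire one event at the fifth match (22:56:20), the sixth probe is absorbed, and the probe at 23:05 starts a new window without firing. With SEC itself the same logic is a single rule of type=SingleWithThreshold with a ptype=RegExp pattern capturing the signature, source and destination into the desc field, window=60 and thresh=5, run against the alert file with sec --conf=<rules> --input=<alert file>.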