As you maybe heard, FLoP (Fast Logging Project for Snort) http://www.geschke-online.de/FLoP/
has some nice advantages over Snort's built-in database output plugin.
Last week I worked on FLoP support in BASE.
First of all, BASE now can archive FLoP's extended DB data additionally to Snort's
official schemas: `pcap_header` and `data_header` from the data table
and `reference` from the event table.
With FLoP it is possible to log the full payload, from which we can later rebuild the alert in pcap
format, which can be used to analyze it via tcpdump or Ethereal to use their protocol
So, it's like I ported FLoP's getpacket to PHP and integrated it in BASE. It's possible to
rebuild the alert in pcap format like `Download of payload`.
And, if we have the data header we can get and show from it MAC addresses and vendor information,
but the complete MAC vendor mapping list is ~200KB. So from 1.8MB BASE would grow to 2MB.
I know that vendor mapping list is useless for BASE users who aren't using FLoP.
So what do you and Kevin think about that!? Would that be acceptable!?
I haven't committed it yet.
There is a diff and a screenshot of how it looks in action ;)
Comments, corrections, suggestions!?
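To illustrate what the message describes (rebuilding a pcap file from the stored `pcap_header` fields plus the raw frame, and reading the MAC addresses and OUI vendor out of the `data_header`), here is an added example in Python; it is not FLoP's getpacket nor BASE's PHP port, and the database row, column names and the tiny OUI table are constructed for the example.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # native-order magic; all fields written little-endian
LINKTYPE_ETHERNET = 1

# Constructed stand-in for one FLoP-style row: pcap header fields and the
# captured Ethernet frame (14-byte Ethernet + 20-byte IPv4 + 8-byte UDP = 42 bytes).
SAMPLE_ROW = {
    "ts_sec": 1140480000,
    "ts_usec": 123456,
    "caplen": 42,
    "len": 42,
    "frame": bytes.fromhex(
        "000c29aabbcc" "00505600ddee" "0800"            # dst MAC, src MAC, EtherType
        "4500001c000100004011" "0000" "c0a80101" "c0a80102"  # IPv4 header
        "04d2" "0016" "0008" "0000"                     # UDP header
    ),
}

# Abbreviated vendor table standing in for the ~200KB OUI list mentioned above.
OUI_VENDORS = {"00:0c:29": "VMware, Inc.", "00:50:56": "VMware, Inc."}


def pcap_global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype (24 bytes)
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(row):
    # per-packet header (16 bytes) followed by caplen bytes of frame data
    hdr = struct.pack("<IIII", row["ts_sec"], row["ts_usec"], row["caplen"], row["len"])
    return hdr + row["frame"][:row["caplen"]]


def rebuild_pcap(rows):
    """Bytes of a pcap file that tcpdump/Ethereal can open, built from DB rows."""
    return pcap_global_header() + b"".join(pcap_record(r) for r in rows)


def mac_addresses(frame):
    """Return (src_mac, dst_mac, ethertype) parsed from the Ethernet header."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    fmt = lambda b: ":".join(f"{x:02x}" for x in b)
    return fmt(src), fmt(dst), ethertype


def vendor(mac):
    return OUI_VENDORS.get(mac[:8], "unknown")
```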
From: Michael Stone <mstone@ma...> - 2006-02-20 23:29:36
On Tue, Feb 21, 2006 at 12:04:26AM +0200, you wrote:
>I know that vendor mapping list is useless for BASE users who aren't
Sounds like an optional download. In many (most?) cases all the mac vendor
mapping is going to show is the manufacturer of your router.
On Mon, Feb 20, 2006 at 06:29:24PM -0500, Michael Stone wrote:
>On Tue, Feb 21, 2006 at 12:04:26AM +0200, you wrote:
>>I know that vendor mapping list is useless for BASE users who aren't
>Sounds like an optional download. In many (most?) cases all the mac vendor
>mapping is going to show is the manufacturer of your router.