Relate snort logs with Internal IPs
hi,
I am using snort. The alerts always show me 'our' public IPs conversing with the 'other' public IPs. While analysing i need to refer the firewall logs to relate and find the actual user (private IP) who is causing the alert. Is there a way to automatically relate these two, i.e. the firewall (PIX) logs and the Snort alerts? Something that works with snort, in short, to give something more useful.
|