From the ACID website
Quote:
ACID has the ability to analyze a wide variety of events which are post-processed into its database. Tools exist for the following formats:
* using Snort (www.snort.org)
  o Snort alerts
  o tcpdump binary logs
* using logsnorter (www.snort.org/downloads/logsnorter-0.2.tar.gz)
  o ipchains
  o iptables
  o ipfw
Which, as I understand it, means that ACID can be used to analyze firewall events. To do this, it uses logsnorter to feed iptables events into the ACID database.
My problem is that logsnorter doesn't put anything in the ACID database. And, if nothing is being put in the database, ACID has nothing to analyze. As such, its functionality is of no use.
I read on the snort website that logsnorter is currently no longer maintained. So I wanted to find out if there are new/other alternatives to get my logging into the ACID database. For example: ulogd is working perfectly for me to register all firewall events in a MySQL database, so I wondered if I could use ulogd to populate the ACID database.
So basically:
- logsnorter isn't working for me. And currently I have no clue why not.
- I need a solution to get useful information into ACID.
- logsnorter is no longer maintained.
==> 1. Do I spend time on getting logsnorter to work? Where can I find info, troubleshooting assistance on it? Is it worth the effort, considering it's no longer maintained?
==> 2. Are there alternatives?
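Added example, not code from the original post or from the ACID, logsnorter or ulogd projects: a small Python script that does the job the post describes logsnorter doing, parsing iptables LOG lines out of syslog and writing them into a reduced, in-memory copy of the event/iphdr tables that ACID reads. It also counts the lines it could not parse, which is the first thing to check when "nothing ends up in the database". The table and column subset, the signature name and the sample log lines are assumptions or constructed for the example; verify the column names against the schema file that ships with snort/ACID before pointing this at a real MySQL database.

```python
import re
import socket
import sqlite3
import struct

# Constructed sample syslog lines (not from the original post): two iptables LOG
# entries (TCP and UDP) and one unrelated sshd line that an ingest must skip.
SAMPLE_LOG = """\
Jan 12 10:23:45 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=54321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:23:46 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.11 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=4 PROTO=UDP SPT=1234 DPT=53 LEN=58
Jan 12 10:23:47 fw sshd[123]: Accepted publickey for alice from 192.0.2.12 port 40000
"""

# syslog prefix "Mon DD HH:MM:SS host kernel: <body>"; anything else is not an iptables LOG line
PREFIX_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]+)\s+\S+\s+kernel:\s*(.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")
PROTO_NUM = {"ICMP": 1, "TCP": 6, "UDP": 17}

# Reduced subset of the snort/ACID tables (assumed column names; check your schema file).
SCHEMA = """
CREATE TABLE sensor (sid INTEGER PRIMARY KEY, hostname TEXT, interface TEXT);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                    PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER,
                    ip_proto INTEGER, ip_len INTEGER, ip_ttl INTEGER,
                    PRIMARY KEY (sid, cid));
"""


def ip_to_u32(ip):
    """Dotted-quad to unsigned 32-bit integer, the form the snort DB stores addresses in."""
    return struct.unpack("!I", socket.inet_aton(ip))[0]


def parse_iptables_line(line):
    """Return a dict of the fields ACID needs, or None if the line is not an iptables LOG line."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        return None
    ts, body = m.groups()
    if "SRC=" not in body or "DST=" not in body:
        return None
    fields = {}
    for key, value in KV_RE.findall(body):
        # UDP lines carry LEN= twice (IP total length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return {
        "timestamp": ts,
        "in_iface": fields.get("IN", ""),
        "ip_src": fields["SRC"],
        "ip_dst": fields["DST"],
        "ip_len": int(fields.get("LEN", 0)),
        "ip_ttl": int(fields.get("TTL", 0)),
        "ip_proto": PROTO_NUM.get(fields.get("PROTO", ""), 0),
        "sport": int(fields.get("SPT", 0)),
        "dport": int(fields.get("DPT", 0)),
    }


def load_events(lines, hostname="fw", sig_name="iptables LOG"):
    """Insert parsed lines into an in-memory copy of the schema; return (conn, stats).

    stats["skipped"] is the count of lines that did not parse: if it equals the
    number of input lines, the log format or prefix is what needs fixing, not ACID.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    sid, sig_id = 1, 1
    conn.execute("INSERT INTO sensor VALUES (?, ?, ?)", (sid, hostname, "eth0"))
    conn.execute("INSERT INTO signature VALUES (?, ?)", (sig_id, sig_name))
    stats = {"inserted": 0, "skipped": 0}
    cid = 0
    for line in lines:
        rec = parse_iptables_line(line)
        if rec is None:
            stats["skipped"] += 1
            continue
        cid += 1  # per-sensor event counter, as in the snort DB convention
        conn.execute("INSERT INTO event VALUES (?, ?, ?, ?)",
                     (sid, cid, sig_id, rec["timestamp"]))
        conn.execute("INSERT INTO iphdr VALUES (?, ?, ?, ?, ?, ?, ?)",
                     (sid, cid, ip_to_u32(rec["ip_src"]), ip_to_u32(rec["ip_dst"]),
                      rec["ip_proto"], rec["ip_len"], rec["ip_ttl"]))
        stats["inserted"] += 1
    conn.commit()
    return conn, stats


if __name__ == "__main__":
    conn, stats = load_events(SAMPLE_LOG.splitlines())
    print(stats)
    for row in conn.execute("SELECT cid, ip_src, ip_dst, ip_proto FROM iphdr"):
        print(row)
```

Run it against a slice of your real /var/log/messages (or the file ulogd writes) instead of SAMPLE_LOG: a high skipped count with zero inserted rows means the log prefix or format differs from what the parser expects, which is the same failure mode that leaves the ACID tables empty when a feeder like logsnorter is pointed at the wrong log.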