FA 5.0 and Snort
Hi all,
My FA appears not to work fine with Snort logs. My environment is as follows:
- FA installed on Win2003 Server, listening on UDP/1514
- Snort 2.8.1 installed on Fedora Core 7 and using syslog-ng
I can see, via Microsoft Network Monitor, the UDP/1514 connection from snort to FA server.
Sometimes logs are processed by FA, sometimes not...
The Snort log format looks like:
01/27/09-16:58:44.176598 * [1:10995:3] SMTP possible BDAT DoS attempt * [Classification: Detection of a Denial of Service Attack] [Priority: 2] {TCP} YYY.YYY.YYY.YYY:13511 -> XXX.XXX.XXX.XXX:25
Does anyone know what is happening?
Thanks a lot.