Kismet Wireless

Kismet Forums

 

Posted by: securez
Subject: Emit unified2 alerts
Date: 11:09:36 06/08/2013

Hi,

I'm a newbie with IDS. I have used Kismet in the past, but only to scan perimeter WLANs and get info about them.

Now I want to create a WIDS that will get security alerts. I see that there is a tap interface that Snort can consume, but Snort only gets layer 3-7 attacks, so I see that Kismet can detect some layer 2 activity that can be suspicious.

My problem now is that the alert files are not rotated. I can make a script that stops Kismet and rotates the logs, but I am trying to find a more elegant solution.

I get all the alerts and send them to a central database. barnyard2 will collect the Snort unified2 files and send them to the DB; Kismet, on the other end, emits its alerts in a custom format. So I can parse the custom format and create unified2 files, but this leads me to the same no-rotation log problem.

Is it possible, or does some project exist that I can contribute to, that will emit the Kismet alerts in unified2 format with a limit as Snort does?

Regards.

