Kismet Wireless

Kismet Forums


Posted by: laserpad
Subject: Emit unified2 alerts
Date: 22:31:06 06/08/2013

> Hi,
>
> I'm a newbie with IDS; I used Kismet in the past, but only to scan perimeter WLANs and get info about them.
>
> Now I want to create a WIDS that will get security alerts. I see that there is a tap interface that Snort can consume, but Snort only gets layer 3-7 attacks, so I see that Kismet can detect some layer 2 activity that can be suspicious.
>
> My problem now is that alert files are not rotated; I can make a script that stops Kismet to rotate logs, but I'm trying to find a more elegant solution.
>
> I get all the alerts and send them to a central database: barnyard2 will collect Snort unified2 files and send them to the DB; Kismet, on the other end, emits the alerts in a custom format. So I can parse the custom format and create unified2 files, but this leads me to the same no-rotation log problem.
>
> Is it possible, or does some project exist that I can contribute to, that will emit the Kismet alerts in unified2 format with a limit as Snort does?
>
> Regards.

Have you tried using the virtual tap interface yet by adding "forcevap=true" to your Kismet config? Dragorn may have a more elegant solution but I have gotten results obtaining alerts by using this one line in the past.
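The quoted question asks for a way to turn Kismet alerts into unified2 files with a size limit, as Snort does. The following is an added example, not part of this thread and not Kismet's, Snort's or barnyard2's code: a small Python writer that packs an alert as a Snort legacy IDS event record (record type 7 with the 52-byte Unified2IDSEvent_legacy body, all fields in network byte order) and starts a new `<base>.<epoch>` file once the current one would exceed a byte limit, which is the naming scheme barnyard2 tails. The generator id 900, the alert-name-to-signature-id table and the sample alerts are assumptions; parsing Kismet's own alert line format is not shown, so the writer takes already-parsed fields. Because Kismet's alerts are layer 2 and carry MAC addresses rather than IPs, the unified2 IP, port and protocol fields are left at zero; a database consumer would only see the generator/signature pair and the timestamp unless the MACs were also carried in an extra-data record, which this example does not produce.

```python
"""Rotating unified2 writer for layer-2 alerts (added example, not Kismet code)."""
import os
import struct
import tempfile
import time

# Record type of a Snort legacy IDS event (Unified2IDSEvent_legacy).
UNIFIED2_IDS_EVENT = 7
# Assumed generator id reserved for Kismet-originated alerts; Snort's own
# generators use low numbers, so a high custom value avoids collisions.
KISMET_GENERATOR_ID = 900
# Hypothetical alert-name -> signature-id mapping. Kismet defines the real
# alert names; barnyard2's sid-msg.map would have to carry these ids too.
SIGNATURE_IDS = {"DEAUTHFLOOD": 1, "DISASSOCTRAFFIC": 2, "PROBENOJOIN": 3}


def pack_ids_event(event_id, epoch_s, usec, alert_name, sensor_id=1, priority=2):
    """Serialise one alert as a unified2 IDS event record (8-byte header + 52-byte body).

    Kismet alerts are layer 2 and carry MAC addresses, not IPs, so the
    ip_source/ip_destination, port and protocol fields are left at zero.
    """
    sig_id = SIGNATURE_IDS.get(alert_name, 0)   # 0 = alert name not mapped
    body = struct.pack(
        "!11IHH4B",
        sensor_id, event_id, epoch_s, usec,
        sig_id, KISMET_GENERATOR_ID, 1,   # signature id, generator id, revision
        0, priority,                      # classification id, priority id
        0, 0,                             # ip_source, ip_destination (unused)
        0, 0,                             # sport_itype, dport_icode
        0, 0, 0, 0,                       # protocol, impact_flag, impact, blocked
    )
    header = struct.pack("!II", UNIFIED2_IDS_EVENT, len(body))
    return header + body


class RotatingUnified2Writer:
    """Appends records to <base>.<epoch> files and opens a new one once the
    current file would exceed max_bytes (the size limit the question asks for)."""

    def __init__(self, directory, base="kismet.unified2", max_bytes=1024 * 1024):
        self.directory, self.base, self.max_bytes = directory, base, max_bytes
        self.fh = None
        self.files = []

    def _open_new(self):
        stamp = int(time.time())
        path = os.path.join(self.directory, f"{self.base}.{stamp}")
        while os.path.exists(path):          # two rotations within one second
            stamp += 1
            path = os.path.join(self.directory, f"{self.base}.{stamp}")
        self.fh = open(path, "ab")           # append mode: tell() is the file size
        self.files.append(path)

    def write(self, record):
        # Never split a record across files: rotate before writing if it would not fit.
        if self.fh is None or self.fh.tell() + len(record) > self.max_bytes:
            self.close()
            self._open_new()
        self.fh.write(record)
        self.fh.flush()  # a consumer tailing the file only ever sees whole records

    def close(self):
        if self.fh is not None:
            self.fh.close()
            self.fh = None


def read_records(path):
    """Decode a unified2 file back into (type, body) tuples; used to check the output."""
    with open(path, "rb") as fh:
        while True:
            header = fh.read(8)
            if len(header) < 8:
                return
            rtype, length = struct.unpack("!II", header)
            yield rtype, fh.read(length)


def demo(max_bytes=2 * 60):
    """Write three constructed alerts with a 120-byte limit and decode what was written."""
    directory = tempfile.mkdtemp()
    writer = RotatingUnified2Writer(directory, max_bytes=max_bytes)
    # Constructed sample alerts: (epoch seconds, microseconds, Kismet alert name).
    alerts = [(1370730666, 0, "DEAUTHFLOOD"),
              (1370730667, 500, "PROBENOJOIN"),
              (1370730668, 0, "UNKNOWNALERT")]
    for event_id, (sec, usec, name) in enumerate(alerts, start=1):
        writer.write(pack_ids_event(event_id, sec, usec, name))
    writer.close()
    decoded = []
    for path in writer.files:
        for rtype, body in read_records(path):
            fields = struct.unpack("!11IHH4B", body)
            # (record type, event_id, event_second, signature_id, generator_id)
            decoded.append((rtype, fields[1], fields[2], fields[4], fields[5]))
    return len(writer.files), decoded


if __name__ == "__main__":
    print(demo())
```

With a 120-byte limit and 60-byte records, `demo()` produces two files: the first holds events 1 and 2, the third event forces a rotation. In real use the limit would be the same order as Snort's `limit` option on its unified2 output, and the writer would be fed from whatever parses Kismet's alert log.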
