Snort mailing list archives

RE: import historical data into ACID?


From: "Chris Eidem" <ceidem () Dexma com>
Date: Wed, 7 Aug 2002 10:56:50 -0500

Hello,

I'm trying out ACID and have got everything working, with the exception,
since I just installed it I have no data to run any useful queries. Though I
have a year's worth of Snort logs. Is there any way I can bring these logs
into the MySQL database so I can run some queries against data for the last
year?

set up a snort.conf to log to mysql:

output database: log, mysql, user=snort password=snort dbname=snort host=localhost sensor_name=2
output database: alert, mysql, user=snort password=snort dbname=snort host=localhost sensor_name=2

then go to the directory where your logs are and run this:
for i in snort-*log; do snort -A none -c <path/to/snort.conf>snortmysql.conf -dr "$i"; done

this should fill your database up quite nicely...

 - chris
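
A resumable version of the replay loop above, as an added example that is not part of the original post: it records each log file that was replayed successfully, so an interrupted import can be restarted without sending the same file to the database twice. The names replay_logs, SNORT_BIN, REPLAYED and the state file are assumptions of this example; only the snort flags (-A none, -c, -dr) come from the post.

```shell
#!/bin/sh
# Added example: resumable replay of Snort binary logs into the database.
# SNORT_BIN, replay_logs and the state file are hypothetical names;
# the snort options used are the ones given in the post above.
SNORT_BIN="${SNORT_BIN:-snort}"

# replay_logs LOGDIR CONF STATEFILE
# Replays every LOGDIR/snort-*log that is not yet listed in STATEFILE.
# Sets REPLAYED to the number of files replayed by this call.
# Returns 2 on a setup error, 1 on the first failed replay, 0 otherwise.
replay_logs() {
    logdir=$1
    conf=$2
    state=$3
    REPLAYED=0
    [ -r "$conf" ] || { echo "cannot read config: $conf" >&2; return 2; }
    touch "$state" || return 2
    for f in "$logdir"/snort-*log; do
        # An unmatched glob stays literal; skip it and anything not a file.
        [ -f "$f" ] || continue
        # Fixed-string, whole-line match: special characters in names are safe.
        if grep -Fqx -- "$f" "$state"; then
            continue
        fi
        echo "replaying $f" >&2
        if "$SNORT_BIN" -A none -c "$conf" -dr "$f"; then
            # Record the file only after snort exits cleanly.
            printf '%s\n' "$f" >> "$state"
            REPLAYED=$((REPLAYED + 1))
        else
            echo "snort failed on $f; stopping" >&2
            return 1
        fi
    done
    return 0
}
```

Call it as replay_logs /path/to/logs /path/to/snortmysql.conf /path/to/replayed.list; a file that failed part-way is not recorded, so check the database for its partial events before replaying it again.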


