Snort mailing list archives

Re: SANS


From: "Imran William Smith" <iwsmith () mimos my>
Date: Thu, 18 Jul 2002 08:45:58 +0800

There's already a GCIA study guide.  In it are listed lots of previous practicals that
have already written scripts / methods for processing the large amount of
data.  There are Perl solutions, shell script solutions, database solutions.  I don't
think ACID alone will suffice.  If you go the database way, you would probably
wish to write raw SQL to get the results you need.

--
Imran William Smith
Security Products Development
Mimos Bhd, Malaysia





----- Original Message ----- 
From: "Gyorda.com" <snort () gyorda com>
To: <snort-users () lists sourceforge net>
Sent: Wednesday, July 17, 2002 10:28 PM
Subject: [Snort-users] SANS


| Hello,
|     Anyone done the SANS practical for Intrusion Detection?  If so how does
| one analyze part three of the practical where we have to take thousands of
| snort logs and analyze them?  Is there some simple method of importing them
| into ACID or snort snarf?  I can't see using grep/sort/find on all these
| logs and being done in time.
| 
| Big G
| 
| 
| 
| -------------------------------------------------------
| This sf.net email is sponsored by:ThinkGeek
| Welcome to geek heaven.
| http://thinkgeek.com/sf
| _______________________________________________
| Snort-users mailing list
| Snort-users () lists sourceforge net
| Go to this URL to change user options or unsubscribe:
| https://lists.sourceforge.net/lists/listinfo/snort-users
| Snort-users list archive:
| http://www.geocrawler.com/redir-sf.php3?list=snort-users
| 




