Snort mailing list archives
Re: SANS
From: "Imran William Smith" <iwsmith () mimos my>
Date: Thu, 18 Jul 2002 08:45:58 +0800
There's already a GCIA study guide. In it, is listed lots of previous practicals that have already written scripts / methods of processing the large amount of data. There's perl solutions, shell script solutions, database solutions. I don't think Acid alone will suffice. If you go the database way, you would probably wish to write raw SQL to get the results you need. -- Imran William Smith Security Products Development Mimos Bhd, Malaysia ----- Original Message ----- From: "Gyorda.com" <snort () gyorda com> To: <snort-users () lists sourceforge net> Sent: Wednesday, July 17, 2002 10:28 PM Subject: [Snort-users] SANS | Hello, | Anyone done the SANS practical for Intrusion Detection? If so how does | one analyze part three of the practical where we have to take thousands of | snort logs and analyze them? Is there some simple method of importing them | into ACID or snort snarf? I can't see using grep/sort/find on all these | logs and being done in time. | | Big G | | | | ------------------------------------------------------- | This sf.net email is sponsored by:ThinkGeek | Welcome to geek heaven. | http://thinkgeek.com/sf | _______________________________________________ | Snort-users mailing list | Snort-users () lists sourceforge net | Go to this URL to change user options or unsubscribe: | https://lists.sourceforge.net/lists/listinfo/snort-users | Snort-users list archive: | http://www.geocrawler.com/redir-sf.php3?list=snort-users | ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users