Snort mailing list archives
Re: organizing snort logs into a usable format
From: Jon Quiros <sysadmin () ncemch org>
Date: Sat, 03 Aug 2002 04:32:54 -0400
Paul Greene wrote:
What is a good way to take raw snort logs and alert files and organize them into a usable format? i.e. sort logs by specific IP address, by frequency of attack, protocol, or whatever ... (probably a dumb question, but I only installed snort for the first time ever just a couple of weeks ago) PG
i think this is what you're referring to... you can pour your data into a sql db (in the snort docs) and as far as front ends, check out acid (http://www.cert.org/kb/acid/) and/or demarc (www.demarc.com). check out their licensing info. i'm fairly new too but so far they've been very adequate.
Jon Q
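A small version of the "pour it into a SQL db" approach from the reply, answering the question's sort-by-IP, frequency and protocol cases. This is an added example, not part of the thread and not Snort's own database output or ACID; it assumes alerts in Snort's one-line "fast" layout, and the sample lines, table and function names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample lines (not from the thread); the last one is deliberately malformed.
SAMPLE_ALERTS = """\
08/02-21:14:03.120001  [**] [1:1000001:1] Constructed ICMP probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
08/02-21:14:09.530442  [**] [1:1000002:1] Constructed web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40112 -> 198.51.100.5:80
08/02-21:15:47.000913  [**] [1:1000002:1] Constructed web probe [**] [Priority: 2] {TCP} 203.0.113.77:51514 -> 198.51.100.5:80
08/02-21:16:02.771200  [**] [1:1000003:2] Constructed DNS probe [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.0.2.10:5353 -> 198.51.100.9:53
this line is truncated and must be skipped
"""
# Assumed layout: ts [**] [gid:sid:rev] msg [**] [Classification: x] [Priority: n] {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"  # classification is optional
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\d+(?:\.\d+){3})(?::(?P<sport>\d+))?\s+->\s+"  # ICMP has no ports
    r"(?P<dst>\d+(?:\.\d+){3})(?::(?P<dport>\d+))?\s*$"
)
COLS = ("ts", "sid", "msg", "cls", "prio", "proto", "src", "sport", "dst", "dport")

def load_alerts(text, db=None):
    """Parse alert lines into an SQLite table; return (connection, skipped_count)."""
    db = db or sqlite3.connect(":memory:")
    db.execute("CREATE TABLE IF NOT EXISTS alert (ts TEXT, sid INTEGER, msg TEXT, cls TEXT,"
               " prio INTEGER, proto TEXT, src TEXT, sport INTEGER, dst TEXT, dport INTEGER)")
    skipped = 0
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            skipped += bool(line.strip())  # count malformed lines, ignore blank ones
            continue
        db.execute("INSERT INTO alert VALUES (?,?,?,?,?,?,?,?,?,?)",
                   [m.group(c) for c in COLS])
    db.commit()
    return db, skipped

def top_sources(db):  # frequency of alerts per source address
    return db.execute("SELECT src, COUNT(*) AS n FROM alert GROUP BY src"
                      " ORDER BY n DESC, src").fetchall()

def by_protocol(db):  # alert counts per protocol
    return db.execute("SELECT proto, COUNT(*) FROM alert GROUP BY proto ORDER BY proto").fetchall()

def alerts_for(db, ip):  # everything involving one address, as source or destination
    return db.execute("SELECT ts, proto, msg FROM alert WHERE src = ? OR dst = ?"
                      " ORDER BY ts", (ip, ip)).fetchall()
```

Counting skipped lines matters here: a parser that silently drops lines it cannot read makes the per-IP totals look lower than what the sensor actually logged.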
Current thread:
- organizing snort logs into a usable format Paul Greene (Aug 02)
- Re: organizing snort logs into a usable format Jon Quiros (Aug 03)