Snort mailing list archives

Re: ACID


From: Erek Adams <erek () snort org>
Date: Sat, 21 Jun 2003 08:41:38 -0400 (EDT)

On Wed, 18 Jun 2003, Rodney Green wrote:

> I want to install ACID on a machine that has been running Snort for a while
> now. I'd like to be able to pull the data it has already collected into a
> snort database so ACID can read it. How could this be done?

Unless you've got the packets (pcap or unified) you're out of luck.  You
need to have the packets in a binary format so that you can use Snort to
'post-process' the data.  You need to configure Snort to use Barnyard or
the DB output plugin in snort.conf.  Then you'd do something like:

        snort -c /etc/snort.conf -r <pcap file>

And you should be good to go!

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

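The replay step described in the message above, as an added example that is not part of the original post: a shell sketch that checks snort.conf for an active database output line, then feeds every classic libpcap file in a directory to `snort -r`. The capture directory `/var/log/snort`, the function names and the values in the sample `output database:` line are assumptions; unified-format files need Barnyard and are skipped here.

```shell
#!/bin/sh
# Added example: replay saved pcap files through Snort so the database
# output plugin writes the resulting alerts where ACID can read them.
# Assumed locations (not from the original message); override via environment.
SNORT_CONF="${SNORT_CONF:-/etc/snort.conf}"
PCAP_DIR="${PCAP_DIR:-/var/log/snort}"

# True if the config holds an active (uncommented) database output line, e.g.
#   output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
# (the values in that sample line are constructed placeholders).
has_db_output() {
    grep -Eq '^[[:space:]]*output[[:space:]]+database:' "$1"
}

# True if the file starts with the classic libpcap magic number in either
# byte order. Text alert files and unified logs fail this check.
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1) return 0 ;;
        *) return 1 ;;
    esac
}

# Replay every pcap in PCAP_DIR; prints the number of files processed.
replay_all() {
    has_db_output "$SNORT_CONF" || {
        echo "no active 'output database:' line in $SNORT_CONF" >&2
        return 1
    }
    count=0
    for f in "$PCAP_DIR"/*; do
        [ -f "$f" ] || continue
        if is_pcap "$f"; then
            # Snort's own messages go to stderr so stdout carries only the count.
            snort -c "$SNORT_CONF" -r "$f" >&2 || return 1
            count=$((count + 1))
        else
            echo "skipping (not a pcap file): $f" >&2
        fi
    done
    echo "$count"
}

# Run only when invoked as: sh replay.sh run
if [ "${1:-}" = "run" ]; then replay_all; fi
```

Replaying the same capture twice inserts its alerts twice, so run each file once against a given database.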
