Snort mailing list archives
Re: ACID
From: Erek Adams <erek () snort org>
Date: Sat, 21 Jun 2003 08:41:38 -0400 (EDT)
On Wed, 18 Jun 2003, Rodney Green wrote:
I want to install ACID on a machine that has been running Snort for a while now. I'd like to be able to pull the data it has already collected into a snort database so ACID can read it. How could this be done?
Unless you've got the packets (pcap or unified) you're out of luck. You need to have the packets in a binary format so that you can use Snort to 'post-process' the data. You need to configure Snort to use Barnyard or the DB output plugin in snort.conf. Then you'd do something like:

    snort -c /etc/snort.conf -r <pcap file>

And you should be good to go!

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson
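The replay step described in the message above, as an added example that is not part of the original post: before replaying, it checks that the config has an uncommented `output database:` or unified (`log_unified` / `alert_unified`) line, then issues one `snort -c ... -r ...` per capture file. The function names, the `.pcap` extension, the one-directory layout and the `RUN` switch are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the *.pcap
# naming and the RUN switch are assumptions.

# Succeed only if the Snort config contains an uncommented database or
# unified output directive, so replayed packets are written somewhere
# ACID (database) or Barnyard (unified files) can read them.
has_db_output() {
    grep -Eq '^[[:space:]]*output[[:space:]]+(database|log_unified|alert_unified)[[:space:]]*:' "$1"
}

# For every capture file in a directory, in sorted name order, emit the
# replay command from the post: snort -c <conf> -r <pcap file>.
# Default is a dry run that prints the commands; RUN=1 executes them.
replay_pcaps() {
    conf=$1
    dir=$2
    if ! has_db_output "$conf"; then
        echo "no database/unified output configured in $conf" >&2
        return 1
    fi
    for f in "$dir"/*.pcap; do
        [ -f "$f" ] || continue          # glob matched nothing
        if [ "${RUN:-0}" = 1 ]; then
            snort -c "$conf" -r "$f" || return 1
        else
            echo "snort -c $conf -r $f"
        fi
    done
}

# Usage (paths are placeholders):
#   replay_pcaps /etc/snort.conf /var/log/snort/captures
#   RUN=1 replay_pcaps /etc/snort.conf /var/log/snort/captures
```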