Snort mailing list archives

Re: mysql to pcap?


From: "Richard Bejtlich" <taosecurity () gmail com>
Date: Sun, 31 Aug 2008 19:04:09 -0400

On Sat, Aug 30, 2008 at 11:26 PM, David J. Bianco <david () vorant com> wrote:
This might be a more complicated solution than you're looking for,
but check out Sguil (www.sguil.net).  It captures PCAP in addition to
snort alerts (and network session logs as well), so when you're
examining an event, you can easily reference the PCAP data for the
entire network session, not just the single packet which caused the
alert.  If you're ready to start looking at PCAP, you might as well
go whole hog with it.

       David


Hi Tim,

I second Sguil.  There's no need to reinvent the wheel when it was
implemented as an open source project in 2003.

Sincerely,

Richard
