faking database entries

[Yonah Russ <yonah () mail jct ac il>]

Hi,
 I asked a while back about incorporating arpwatch into snort... then
someone said it was being worked on but I haven't heard about it since...
I figured the easiest way for me to get arpwatch integrated is to parse
its alerts and fake database entries as if they came from snort itself...
With all the optimizations in the database, I wanted to ask for the
official lowdown on what has to be fiddled with for this kind of entry to
work out... I'm using Snort v1.7 with ACID v0.9.6b10 - I would rather not
upgrade to snort v1.8 if I don't have to because this is part of a final
project for my degree(final==must finish).
thanks
yonah

Email:          <yonah () execs com>
Homepage:       <http://p-yonah.jct.ac.il/>
PGP:            0x7C3C2524 <ldap://certserver.pgp.com>

"Quote me as saying I was misquoted."
                                --Groucho Marx


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users