Snort mailing list archives
Re: SANS
From: "stefan dens" <larc () pandora be>
Date: Wed 17 Jul 2002 17:25:17 +0200
Hi,

Well, when I took the class in the beginning of last year, there wasn't any practical. But I guess the files are tcpdump files which can be read by snort.

snort -r 'filename'

then you can insert them into a database or some other logging and analyse them.

Stefan Dens

------------------------
"Gyorda.com" <snort () gyorda com> wrote:
------------------------
Hello,

Anyone done the SANS practical for Intrusion Detection? If so, how does one analyze part three of the practical where we have to take thousands of snort logs and analyze them? Is there some simple method of importing them into ACID or snort snarf? I can't see using grep/sort/find on all these logs and being done in time.

Big G

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
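As an added example, not part of either post and not SANS or Snort project code: a small Python summarizer for the kind of bulk alert triage asked about in the quoted question. It assumes the logs are in Snort's `-A fast` alert format; the sample alerts, signature names and addresses are constructed.

```python
import re
from collections import Counter

# Snort fast-alert line: timestamp, [**] optional [gid:sid:rev] message [**],
# optional [Classification]/[Priority] tags and {PROTO}, then src -> dst.
# Ports are absent for ICMP; every bracketed tag is treated as optional.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"(?:\[\d+:\d+:\d+\]\s+)?(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:[^\]]*\])?(?:\s+\[Priority:\s*\d+\])?"
    r"(?:\s+\{\w+\})?"
    r"\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
    r"\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s*$"
)

# Constructed sample alerts (documentation addresses, made-up signatures).
SAMPLE = """\
07/17-17:25:17.120000  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:4312 -> 192.0.2.10:80
07/17-17:25:18.450000  [**] [1:1000001:1] EXAMPLE web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:4313 -> 192.0.2.10:80
07/17-17:26:02.000100  [**] EXAMPLE ping sweep [**] 198.51.100.23 -> 192.0.2.10
07/17-17:26:40.300000  [**] [1:1000002:1] EXAMPLE ping sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.23 -> 192.0.2.11
07/17-17:27:01.900000  [**] [1:1000001:1] EXAMPLE web probe [**] [Priority: 1] {TCP} 203.0.113.7:4400 -> 192.0.2.11:80
07/17-17:27:55.000000  [**] EXAMPLE web probe [**] 203.0.113.7:43
"""

def summarize(lines, top=3):
    """Count alerts per signature, per source and per src/dst pair."""
    sigs, srcs, pairs, skipped = Counter(), Counter(), Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = ALERT_RE.match(line)
        if m is None:
            skipped += 1  # truncated or non-alert line: count it, don't guess
            continue
        sigs[m["msg"]] += 1
        srcs[m["src"]] += 1
        pairs[(m["src"], m["dst"])] += 1
    return {"signatures": sigs.most_common(top), "sources": srcs.most_common(top),
            "pairs": pairs.most_common(top), "skipped": skipped}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE.splitlines()).items():
        print(key, value)
```

Feeding it every alert file from a directory (one `summarize` call over the concatenated lines) gives the top signatures and talkers to investigate first; the `skipped` count shows how many lines did not parse.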