Snort mailing list archives

Re: Snort replay into ACID - Sensor Identification


From: Erek Adams <erek () snort org>
Date: Wed, 8 Jan 2003 11:16:58 -0500 (EST)

On Tue, 7 Jan 2003, Dustin Decker wrote:

[...snip...]

for i in /var/log/snort/local_queue/*; do
    /usr/sbin/snort -d -c /root/snort/snort.conf -r "$i"
done

Again - pretty vanilla.  Now I'm getting into a situation where I'll be
pulling binary files from a handful of hosts, and I don't know how to
specify that each represents a different sensor in ACID.  Can anyone clue
me in on the right way to approach this, or where a doc might be for it?

If you'll check the DB output plugin, you'll see that you can specify the
sensor ID in its .conf setup.  Now this means you'll have to go from
vanilla to chocolate, but that's a good thing.  :)  One .conf for each box
and a "host x.x.x.x" added to the command line would get you fixed right
up.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
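
An added example, not part of the original post or of the Snort distribution: one way to script the "one .conf for each box" approach from the reply above, by generating a per-sensor copy of a base snort.conf with `sensor_name=` set on the database output plugin line and replaying each sensor's files against it. The one-subdirectory-per-sensor queue layout, the function names `make_sensor_conf` and `replay_queue`, and the generated file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumed layout: QUEUE/<sensor-name>/<binary log files>.
SNORT="${SNORT:-/usr/sbin/snort}"

# Copy BASE to OUT, setting sensor_name=<SENSOR> on each "output database:" line.
make_sensor_conf() {
    base=$1 sensor=$2 out=$3
    # The name is pasted into a config line, so accept a conservative set only.
    case $sensor in
        ''|*[!A-Za-z0-9._-]*) echo "bad sensor name: $sensor" >&2; return 1 ;;
    esac
    awk -v s="$sensor" '
        /^[ \t]*output[ \t]+database:/ {
            gsub(/[ \t]*sensor_name=[^ \t]*/, "")   # drop any existing name
            sub(/[ \t]*$/, "")
            $0 = $0 " sensor_name=" s
        }
        { print }' "$base" > "$out"
}

# Replay every file under QUEUE/<sensor>/ with that sensor's generated .conf.
replay_queue() {
    queue=$1 base_conf=$2 confdir=$3
    for dir in "$queue"/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        conf="$confdir/snort-$name.conf"
        make_sensor_conf "$base_conf" "$name" "$conf" || continue
        for f in "$dir"*; do
            [ -f "$f" ] || continue
            "$SNORT" -d -c "$conf" -r "$f"
        done
    done
}

# Run only when called with arguments: QUEUE BASE_CONF CONFDIR
if [ "$#" -eq 3 ]; then
    replay_queue "$1" "$2" "$3"
fi
```

Directories whose names fall outside the accepted character set are skipped with a message on stderr rather than written into a config line.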

