Snort mailing list archives

Re: Feeding mysql db with alert log files.


From: Erek Adams <erek () snort org>
Date: Mon, 23 Jun 2003 11:00:07 -0400 (EDT)

On Sun, 22 Jun 2003, Daniel Gil wrote:

I am using snort 2 with mysql and ACID.

I just want to know if it's possible to feed a mysql db with snort log
files that have already been written to disk in text format (portscan,
alerts, and packet logs) in order to analyze them with ACID.

It seems this task is easy to perform if the logs are in tcpdump
format.

I have just found an old script (for snort 1.6.x) by Sean Brown. I
couldn't find any sample of a snort 1.6.x alert log file in order to
compare them with my snort 2 alert log files.

Any advice (such as changing your log format to tcpdump) is welcome!

It is easy...  Sorta.

If you have the alerts in a pcap, you only get those packets.  If you save
the entire network data, then you'll also be able to get alerts from
stream4.

Just keep in mind:  The snort.log pcap output only has the data from the
alerts and the associated packet.  Nothing else.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

