RE: snort output

[Erek Adams <erek () snort org>]

On Tue, 5 Aug 2003, Slighter, Tim wrote:

> Thanks, that leads up to the next question, since I am using sguil, can BY
> be configured for 2 simultaneous outputs?  First output to sguil and then
> second to ACID?  OR, how much work would be involved to migrate the PHP
> scripts from ACID to extract the data from the sguildb instead?

Just run two instances of BY.  :)  Simple.

As for changing ACID....  Well, ummmm....  errr....  I have no idea.  :)
But from perusing the PHP, it shouldn't be too big of a hack to make it
work.  You just change the queries to match the sguil schema, and point it
to the sguil db.  Note:  This is theory.  Not fact.  And the two may _not_
intersect.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users