Snort mailing list archives

Viewing packets logged to database WITHOUT alert


From: "Tuttle, Matthew D." <mtuttle () americanhebrewacademy org>
Date: Tue, 20 Apr 2004 17:07:33 -0400

Hello all,

I need help answering 2 questions.

1. Is there a tool which decodes/views/displays packets logged to a
database in the same way that "snort -r" can decode/view/display packets
from a log file?

2. Is it possible to view packets logged to a database as part of a
session which has been recorded by a dynamic rule (i.e., they are sent to
the log facility, not the alert facility)? Tools like ACID only display
the packet logged with the alert.


Best,
Matt

