Home page logo
/

snort logo Snort mailing list archives

Re: How do I automate reading multiple captures?
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 15 Dec 2010 17:20:21 -0500

On Dec 15, 2010, at 8:42 AM, Matt Lenco wrote:

I have ~100 binary capture files given to me per month. I am currently reading them into SNORT, if the Kiwi Syslog 
shows alerts I save this off into a cell in an Excel spreadsheet along with the filename of the bin file reading into 
SNORT. 

I need a better process, something where I can kick off in batch mode, read all 100 files and then each file read has 
its own file of the suspicious packets in it and a view of the SNORT generated alerts showing up in Kiwi syslog. Can 
I then import these two to a report generator somehow?

How do I do this, automated?

You can script Snort, perhaps with the --pcap-dir argument for the command line.  Take a look at "snort -h" and look 
for the --pcap-dir argument.

J
------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault