Snort mailing list archives

Re: How do I automate reading multiple captures?
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 15 Dec 2010 17:20:21 -0500

On Dec 15, 2010, at 8:42 AM, Matt Lenco wrote:

I have ~100 binary capture files given to me per month. I am currently reading them into SNORT; if the Kiwi Syslog shows alerts, I save this off into a cell in an Excel spreadsheet along with the filename of the bin file reading into

I need a better process, something that I can kick off in batch mode, read all 100 files, and then each file read has its own file of the suspicious packets in it and a view of the SNORT-generated alerts showing up in Kiwi syslog. Can I then import these two to a report generator somehow?

How do I do this, automated?

You can script Snort, perhaps with the --pcap-dir argument for the command line. Take a look at "snort -h" and look for the --pcap-dir argument.
