Snort mailing list archives

Snort replay into ACID - Sensor Identification


From: Dustin Decker <dustind () moon-lite com>
Date: Tue, 7 Jan 2003 17:04:57 -0600 (CST)

Howdy all,
I'm doing a pretty vanilla dump to binary logs that are rotated every 
hour.  Later I replay them into a MySQL database thusly:

# Replay each hourly binary log through Snort using the rules and outputs in snort.conf
for i in /var/log/snort/local_queue/*; do
    /usr/sbin/snort -d -c /root/snort/snort.conf -r "$i"
done

Again - pretty vanilla.  Now I'm getting into a situation where I'll be 
pulling binary files from a handful of hosts, and I don't know how to 
specify that each represents a different sensor in ACID.  Can anyone clue 
me in on the right way to approach this, or where a doc might be for it?

Many thanks,
Dustin

-- 
*-----------------------------------*
| Dustin Decker                     |
| dustind () moon-lite com       *-----------------------------------------*
| http://www.dustindecker.com | "Evil is that which one believes of     |
| Moon-Lite Computing         | others. It is a sin to believe evil of  |
| 913.579.7117                | others, but it is seldom a mistake."    |
*-----------------------------|                                         |
                              |         -- H.L. Mencken                 |
                              |                                         |
                              *-----------------------------------------*


