[Snort-users] -r'ing multiple logs.

Max Vision vision at ...4...
Tue Jan 30 11:32:10 EST 2001


On 30 Jan 2001, Chris Green wrote:
> What would be somewhat useful is a simple tool to merge snort logs
> together for this type of situation.  Does anyone happen to have one
> of these done already?

You want pcapmerge or tcpslice.  Try these direct links:

http://indev.insu.com/sources/pcapmerge-1.0.tar.gz
http://whitehats.com/tools/sniffing/tcpslice-1.1a3.tar.Z

pcapmerge is written in perl and is rumored to be more portable... it does
require that you install the perl module "Net::Pcap 0.03" though.

Max





More information about the Snort-users mailing list