[Snort-users] Logging to tcpdump file and d/b

Steve Hutchins Steve.Hutchins at ...277...
Sun Mar 4 21:44:19 EST 2001


I have a 1.7 sensor logging to tcpdump, syslog and mysql/acid
(I know it's not efficient - it's in test)

In checking through some alerts I replayed the binary file back 
through snort and tcpdump,
(grepping for the source address seen in acid) it didn't show
anything for that address. (I also used vi on the output and
paged through looking by date/time)

So, I see the alert in syslog and acid with same date/time but
not in the binary file.
The binary file has plenty of entries for the last several days.

Any ideas?

Steve




More information about the Snort-users mailing list