[Snort-users] How to use the packet logger and NID mode at the same time
dcontis at ...163...
Mon Nov 19 18:39:01 EST 2001
I am trying to find out if it would be possible using one instance of snort,
to simultaneously record all the traffic in one location and perform the
regular NIDS analysis with alerts being logged in a different location
(or sent to a database).
The idea behind dumping all the traffic is for us to record one or two days
of traffic for post-mortem analysis.
Has anyone tried something like that before?
Thanks for any suggestions.