[Snort-users] How to use the packet logger and NID mode at the same time

Didier CONTIS dcontis at ...163...
Mon Nov 19 18:39:01 EST 2001


I am trying to find out if it would be possible using one instance of snort,
to simultaneously record all the traffic in one location and perform the
regular NIDS analysis with alerts being logged in a different location
(or sent to a database).

The idea behind dumping all the traffic is for us to record one or two days
of traffic for post-mortem analysis.

Has anyone tried something like that before?

Thanks for any suggestions.

Didier









