[Snort-users] import historical data into ACID?

Chris Eidem ceidem at ...5503...
Wed Aug 7 08:57:07 EDT 2002


> Hello,
> 
> I'm trying out ACID and have got everything working, with the exception,
> since I just installed it I have no data to run any useful queries. Though I
> have a year's worth of Snort logs. Is there any way I can bring these logs
> into the MySQL database so I can run some queries against data for the last
> year?

set up a snort.conf to log to mysql:

output database: log, mysql, user=snort password=snort dbname=snort host=localhost sensor_name=2
output database: alert, mysql, user=snort password=snort dbname=snort host=localhost sensor_name=2

then go to the directory where your logs are and run this:
for i in snort-*log; do snort -A none -c <path/to/snort.conf>snortmysql.conf -dr "$i"; done

this should fill your database up quite nicely...

 - chris
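
Added example, not part of the message above: a version of the replay loop that skips files that are not tcpdump-format (pcap) captures, since `snort -r` only reads binary logs, and records each replayed file so a rerun does not insert the same events into the database twice. The `SNORT_CONF` path, the `replayed.list` file and the function names are assumptions; the snort flags are the ones used in the post.

```shell
#!/bin/sh
# Assumed settings (not from the post): adjust before use.
SNORT_BIN=${SNORT_BIN:-snort}
SNORT_CONF=${SNORT_CONF:-/path/to/snortmysql.conf}   # placeholder path
DONE_LIST=${DONE_LIST:-./replayed.list}              # files already imported

# is_pcap FILE: succeed only if FILE starts with a libpcap magic number
# (either byte order). ASCII alert files and empty files fail this check.
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1) return 0 ;;
        *) return 1 ;;
    esac
}

# replay_logs DIR: feed each not-yet-replayed pcap log in DIR to snort once.
replay_logs() {
    dir=$1
    touch "$DONE_LIST"
    for f in "$dir"/snort-*log; do
        [ -f "$f" ] || continue                 # glob matched nothing
        if grep -Fxq -e "$f" "$DONE_LIST"; then
            echo "skip (already replayed): $f"
            continue
        fi
        if ! is_pcap "$f"; then
            echo "skip (not a pcap file): $f"
            continue
        fi
        # Same flags as the loop in the post: no alert output, read from file.
        if "$SNORT_BIN" -A none -c "$SNORT_CONF" -dr "$f"; then
            echo "$f" >> "$DONE_LIST"
            echo "replayed: $f"
        else
            echo "FAILED: $f" >&2
        fi
    done
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    replay_logs "$1"
fi
```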




