[Snort-users] snort(psql + acid)

Jonathan rakocy at ...4983...
Thu Feb 14 20:32:02 EST 2002


Hello,

I'm fairly new to snort but am learning.  I have no problems with
snortsnarf which is helpful to sift through a lot of logs.  Problem is, I
took over for the guy that just left.  He set up psql to log packets and
now I'm stuck trying to use a database I know >nothing< about to get any
useful information from these packets. 

I was told to try ACID, which I have set up but have some issues
using.  Everything is set up correctly, there just seems to be problems
concerning authentication of a user accessing the db with afs and
kerberos that we haven't been able to work out. 

To the point, I'm looking for some information, a website, anything to
help me learn snort+psql and maybe acid.  I found the postgresql docs but
they are of little help if you don't know what to select in the snort-db
(plus those docs look mostly like gibberish to me.. ack... :) ).  Any
help or suggestions would be appreciated. 


Frustrated, :)

~jonathan







More information about the Snort-users mailing list