[Snort-users] SANS

stefan dens larc at ...1187...
Wed Jul 17 08:26:04 EDT 2002


Hi,
Well, when I took the class at the beginning of last year, there wasn't any practical. But I guess the files are tcpdump files which can be read by snort.
snort -r 'filename'
Then you can insert them into a database or some other logging, and analyse them.

Stefan Dens

------------------------
 "Gyorda.com" <snort at ...6347...> wrote:
------------------------
Hello,
>    Anyone done the SANS practical for Intrusion Detection?  If so how does
>one analyze part three of the practical where we have to take thousands of
>snort logs and analyze them?  Is there some simple method of importing them
>into ACID or snort snarf?  I can't see using grep/sort/find on all these
>logs and being done in time.
>
>Big G

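One way to summarise thousands of alert lines without hand-run grep/sort passes, as an added example that is not part of the original thread. It assumes the alerts are in Snort's one-line "fast" format (`-A fast`); the function names, sample lines, rule IDs and addresses are constructed for illustration.

```python
import re
from collections import Counter

# One-line Snort "fast" alert: time [**] [gid:sid:rev] msg [**] [...] {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"(?:\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+)?"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?"
    r"(?:\{(?P<proto>[^}]+)\}\s+)?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?$"
)

# Constructed sample lines (documentation addresses, made-up local rule IDs).
SAMPLE = """\
07/17-08:26:04.101000  [**] [1:1000001:1] EXAMPLE icmp sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.10 -> 198.51.100.5
07/17-08:26:05.202000  [**] [1:1000002:1] EXAMPLE proxy scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:4021 -> 198.51.100.5:8080
07/17-08:26:06.303000  [**] [1:1000002:1] EXAMPLE proxy scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:4022 -> 198.51.100.6:8080
07/17-08:27:00.404000  [**] [1:1000003:1] EXAMPLE web attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:1180 -> 198.51.100.5:80
07/17-08:27:01.505000  [**] [1:1000003:1] EXAMPLE web
"""

def parse_alerts(lines):
    """Return (alerts, skipped): parsed dicts plus a count of unparseable lines."""
    alerts, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = ALERT_RE.match(line)
        if m:
            alerts.append(m.groupdict())
        else:
            skipped += 1  # truncated or foreign lines are counted, not dropped silently
    return alerts, skipped

def summarize(alerts, top=10):
    """Rank signatures and sources, and count distinct targets per source."""
    targets = {}
    for a in alerts:
        targets.setdefault(a["src"], set()).add(a["dst"])
    return {
        "signatures": Counter(a["msg"] for a in alerts).most_common(top),
        "sources": Counter(a["src"] for a in alerts).most_common(top),
        "fanout": {src: len(dsts) for src, dsts in targets.items()},
    }

if __name__ == "__main__":
    alerts, skipped = parse_alerts(SAMPLE.splitlines())
    print(summarize(alerts), "skipped:", skipped)
```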