[Snort-users] SANS

stefan dens larc at ...1187...
Wed Jul 17 08:26:04 EDT 2002

Well, when I took the class in the beginning of last year, there wasn't any practical. But I guess the files are tcpdump files which can be read by snort.
snort -r 'filename'
Then you can insert them into a database or some other logging and analyse them.

Stefan Dens

"Gyorda.com" <snort at ...6347...> wrote:
>    Anyone done the SANS practical for Intrusion Detection?  If so how does
>one analyze part three of the practical where we have to take thousands of
>snort logs and analyze them?  Is there some simple method of importing them
>into ACID or snort snarf?  I can't see using grep/sort/find on all these
>logs and being done in time.
>Big G
