[Snort-users] SANS

Imran William Smith iwsmith at ...487...
Wed Jul 17 17:47:03 EDT 2002


There's already a GCIA study guide.  In it are listed lots of previous practicals that
have already written scripts / methods of processing the large amount of
data.  There are Perl solutions, shell script solutions, database solutions.  I don't
think ACID alone will suffice.  If you go the database way, you would probably
wish to write raw SQL to get the results you need.

--
Imran William Smith
Security Products Development
Mimos Bhd, Malaysia





----- Original Message ----- 
From: "Gyorda.com" <snort at ...6347...>
To: <snort-users at lists.sourceforge.net>
Sent: Wednesday, July 17, 2002 10:28 PM
Subject: [Snort-users] SANS


| Hello,
|     Anyone done the SANS practical for Intrusion Detection?  If so how does
| one analyze part three of the practical where we have to take thousands of
| Snort logs and analyze them?  Is there some simple method of importing them
| into ACID or SnortSnarf?  I can't see using grep/sort/find on all these
| logs and being done in time.
| 
| Big G
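One way to take the database route suggested in the reply, as an added example that is not part of the original thread: parse Snort alerts into SQLite and summarize them with raw SQL. It assumes the logs are in Snort's one-line "fast" alert format; the sample lines, table layout and function names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample alerts (documentation address ranges), plus one damaged line.
SAMPLE = """\
07/17-10:01:02.123456  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.10 -> 198.51.100.5
07/17-10:01:03.000001  [**] [1:1002:2] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3312 -> 198.51.100.5:80
07/17-10:02:10.500000  [**] [1:1002:2] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:4001 -> 198.51.100.6:80
07/17-10:03:00.000000  [**] [1:1002:2] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 192.0.2.10:3313 -> 198.51.100.6:80
this line is truncated garbage and must be skipped
"""

# timestamp, [gid:sid:rev], message, optional bracketed fields, {proto}, src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$")
FIELDS = ("ts", "sid", "msg", "proto", "src", "sport", "dst", "dport")

def load_alerts(lines, db=None):
    """Insert parseable alert lines into SQLite; return (connection, skipped count)."""
    if db is None:
        db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE IF NOT EXISTS alert (ts TEXT, sid INTEGER, msg TEXT,"
               " proto TEXT, src TEXT, sport INTEGER, dst TEXT, dport INTEGER)")
    skipped = 0
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if m is None:
            skipped += bool(line.strip())  # count damaged lines, ignore blank ones
            continue
        # ICMP alerts carry no ports, so sport/dport are stored as NULL
        db.execute("INSERT INTO alert VALUES (?,?,?,?,?,?,?,?)", [m[f] for f in FIELDS])
    return db, skipped

def top_talkers(db, limit=10):
    """Sources ranked by alert count, with distinct signatures and targets."""
    return db.execute(
        "SELECT src, COUNT(*) AS alerts, COUNT(DISTINCT sid), COUNT(DISTINCT dst)"
        " FROM alert GROUP BY src ORDER BY alerts DESC, src LIMIT ?", (limit,)).fetchall()

def signature_summary(db):
    """Per signature: count, distinct sources, first and last seen.
    The timestamps have no year, so text MIN/MAX is only valid within one year."""
    return db.execute(
        "SELECT sid, msg, COUNT(*) AS n, COUNT(DISTINCT src), MIN(ts), MAX(ts)"
        " FROM alert GROUP BY sid, msg ORDER BY n DESC, sid").fetchall()

if __name__ == "__main__":
    conn, bad = load_alerts(SAMPLE.splitlines())
    print(bad, top_talkers(conn), signature_summary(conn), sep="\n")
```

For real data, pass an open file object to `load_alerts` and a file-backed `sqlite3.connect(...)` connection so the table persists between query sessions.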