[Snort-users] SANS

Imran William Smith iwsmith at ...487...
Wed Jul 17 17:47:03 EDT 2002

There's already a GCIA study guide.  In it are listed lots of previous practicals that
have already written scripts / methods of processing the large amount of
data.  There are Perl solutions, shell script solutions, database solutions.  I don't
think ACID alone will suffice.  If you go the database way, you would probably
wish to write raw SQL to get the results you need.

Imran William Smith
Security Products Development
Mimos Bhd, Malaysia

----- Original Message ----- 
From: "Gyorda.com" <snort at ...6347...>
To: <snort-users at lists.sourceforge.net>
Sent: Wednesday, July 17, 2002 10:28 PM
Subject: [Snort-users] SANS

| Hello,
|     Anyone done the SANS practical for Intrusion Detection?  If so, how does
| one analyze part three of the practical where we have to take thousands of
| Snort logs and analyze them?  Is there some simple method of importing them
| into ACID or SnortSnarf?  I can't see using grep/sort/find on all these
| logs and being done in time.
| Big G

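The database route suggested in the reply, sketched as an added example that is not part of the original thread: Snort alert lines are parsed into SQLite and summarized with raw SQL. It assumes the one-line "fast" alert format; the sample lines are constructed, and the table and function names are hypothetical.

```python
import re
import sqlite3

# Snort "fast" alert line. The [gid:sid:rev], Classification, Priority and
# {PROTO} fields are optional, and ICMP alerts carry no ports.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"(?:\[\d+:(?P<sid>\d+):\d+\]\s+)?(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:[^\]]*\]\s+)?(?:\[Priority:\s*\d+\]\s+)?"
    r"(?:\{(?P<proto>\w+)\}\s+)?"
    r"(?P<src>\d+(?:\.\d+){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (documentation address ranges), not real data.
SAMPLE = """\
07/17-10:01:02.000001  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:4312 -> 192.0.2.10:80
07/17-10:01:03.000002  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:4313 -> 192.0.2.11:80
07/17-10:01:04.000003  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:4314 -> 192.0.2.12:80
07/17-10:02:00.000004  [**] [1:469:1] ICMP PING NMAP [**] {ICMP} 198.51.100.9 -> 192.0.2.10
07/17-10:03:00.000005  [**] SMB Name Wildcard [**] 198.51.100.9:137 -> 192.0.2.10:137
this line is truncated garbage
"""

def load_alerts(lines):
    """Parse alert lines into an in-memory SQLite DB; return (db, rejected)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alert (ts TEXT, sid INTEGER, msg TEXT, proto TEXT,"
               " src TEXT, sport INTEGER, dst TEXT, dport INTEGER)")
    rejected = []
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if m:
            db.execute("INSERT INTO alert VALUES"
                       " (:ts,:sid,:msg,:proto,:src,:sport,:dst,:dport)", m.groupdict())
        elif line.strip():
            rejected.append(line)  # keep unparsed lines for manual review
    return db, rejected

def top_signatures(db):
    return db.execute("SELECT msg, COUNT(*) AS n FROM alert"
                      " GROUP BY msg ORDER BY n DESC, msg").fetchall()

def wide_sources(db, min_targets=3):
    """Sources alerting against many distinct destinations (scan-like)."""
    return db.execute("SELECT src, COUNT(DISTINCT dst) AS targets, COUNT(*) AS n"
                      " FROM alert GROUP BY src HAVING COUNT(DISTINCT dst) >= ?"
                      " ORDER BY targets DESC", (min_targets,)).fetchall()
```

For real alert files, pass an open file handle to `load_alerts` and connect to an on-disk database instead of `:memory:` so the same queries can be rerun across sessions.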