[Snort-users] Snort replay into ACID - Sensor Identification

Dustin Decker dustind at ...7902...
Tue Jan 7 14:48:05 EST 2003

Howdy all,
I'm doing a pretty vanilla dump to binary logs that are rotated every 
hour.  Later I replay them into a MySql database thusly:

for i in /var/log/snort/local_queue/*;
do /usr/sbin/snort -d -c /root/snort/snort.conf -r $i;

Again - pretty vanilla.  Now I'm getting into a situation where I'll be 
pulling binary files from a handful of hosts, and I don't know how to 
specify that each represents a different sensor in ACID.  Can anyone clue 
me in on the right way to approach this, or where a doc might be for it?

Many thanks,

