[Snort-users] Snort replay into ACID - Sensor Identification

Dustin Decker dustind at ...7902...
Tue Jan 7 14:48:05 EST 2003


Howdy all,
I'm doing a pretty vanilla dump to binary logs that are rotated every 
hour.  Later I replay them into a MySQL database thusly:

# Replay each rotated binary log through Snort so its alerts reach the database
for i in /var/log/snort/local_queue/*; do
    /usr/sbin/snort -d -c /root/snort/snort.conf -r "$i"
done

Again - pretty vanilla.  Now I'm getting into a situation where I'll be 
pulling binary files from a handful of hosts, and I don't know how to 
specify that each represents a different sensor in ACID.  Can anyone clue 
me in on the right way to approach this, or where a doc might be for it?

Many thanks,
Dustin

-- 
*-----------------------------------*
| Dustin Decker                     |
| dustind at ...7902...       *-----------------------------------------*
| http://www.dustindecker.com | "Evil is that which one believes of     |
| Moon-Lite Computing         | others. It is a sin to believe evil of  |
| 913.579.7117                | others, but it is seldom a mistake."    |
*-----------------------------|                                         |
                              |		-- H.L. Mencken                 |
                              |                                         |
                              *-----------------------------------------*




