[Snort-users] ACID

Erek Adams erek at ...950...
Sat Jun 21 05:43:01 EDT 2003


On Wed, 18 Jun 2003, Rodney Green wrote:

> I want to install ACID on a machine that has been running Snort for a while
> now. I'd like to be able to pull the data it has already collected into a
> snort database so ACID can read it. How could this be done?

Unless you've got the packets (pcap or unified) you're out of luck.  You
need to have the packets in a binary format so that you can use Snort to
'post-process' the data.  You need to configure Snort to use Barnyard or
the DB output plugin in snort.conf.  Then you'd do something like:

	snort -c /etc/snort.conf -r <pcap file>

And you should be good to go!

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
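
Added example, not part of the original message: a pre-flight check for the replay described above. It confirms that the capture is a libpcap file and that the config has an active database output line, then prints the replay command. The file names and database parameters are constructed for the demo, and only classic pcap magic numbers are checked (unified files are not covered).

```shell
#!/bin/sh
# Pre-flight checks before replaying a capture through Snort (added example).

# True if the file begins with a classic libpcap magic number (either byte order).
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the config has an uncommented "output database:" line.
has_db_output() {
    grep -Eq '^[[:space:]]*output[[:space:]]+database:' "$1"
}

# Print the replay command only when both checks pass; nothing is executed.
replay_cmd() {
    conf=$1; pcap=$2
    if ! has_db_output "$conf"; then
        echo "no active 'output database:' line in $conf" >&2; return 1
    fi
    if ! is_pcap "$pcap"; then
        echo "$pcap is not a libpcap capture" >&2; return 2
    fi
    printf 'snort -c %s -r %s\n' "$conf" "$pcap"
}

# Demo on constructed files (not real captures or a real snort.conf).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '\324\303\262\241\002\000\004\000' > "$demo/sample.pcap"  # start of a pcap header
printf 'alert text, not packets\n' > "$demo/alert"
printf '# output database: log, mysql, dbname=snort\n' > "$demo/off.conf"
printf 'output database: log, mysql, user=snort dbname=snort host=localhost\n' > "$demo/on.conf"
replay_cmd "$demo/on.conf" "$demo/sample.pcap"
replay_cmd "$demo/off.conf" "$demo/sample.pcap" || echo "refused (exit $?)"
replay_cmd "$demo/on.conf" "$demo/alert" || echo "refused (exit $?)"
```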



