[Snort-users] Viewing packets logged to database WITHOUT alert
Tuttle, Matthew D.
mtuttle at ...11683...
Wed Apr 21 07:26:06 EDT 2004
I need help answering 2 questions.
1. Is there a tool which decodes/views/displays packets logged to a
database in the same way that "snort -r" can decode/view/display packets
from a log file?
2. Is it possible to view packets logged to a database as part of a
session which has been recorded by a dynamic rule (i.e., they are sent to
the log facility, not the alert facility)? Tools like ACID only display
the packet logged with the alert.