[Snort-users] Viewing packets logged to database WITHOUT alert

Tuttle, Matthew D. mtuttle at ...11683...
Tue Apr 27 07:38:35 EDT 2004


Hello all,

I need help answering 2 questions.

1. Is there a tool which decodes/views/displays packets logged to a
database in the same way that "snort -r" can decode/view/display packets
from a log file?

2. Is it possible to view packets logged to a database as part of a
session which has been recorded by a dynamic rule (i.e., they are sent to
the log facility, not the alert facility)?  Tools like ACID only display
the packet logged with the alert.


Best,
Matt



