[Snort-users] mysql to pcap?
taosecurity at ...11827...
Sun Aug 31 19:04:09 EDT 2008
On Sat, Aug 30, 2008 at 11:26 PM, David J. Bianco <david at ...13799...> wrote:
> This might be a more complicated solution than you're looking for,
> but check out Sguil (www.sguil.net). It captures PCAP in addition to
> snort alerts (and network session logs as well), so when you're
> examining an event, you can easily reference the PCAP data for the
> entire network session, not just the single packet which caused the
> alert. If you're ready to start looking at PCAP, you might as well
> go whole hog with it.
I second Sguil. There's no need to reinvent the wheel when it was
implemented as an open source project in 2003.