[Snort-users] tcpdump file analysis

Joel Esler jesler at ...1935...
Sun May 3 04:32:45 EDT 2009


Oguz Yarimtepe said:
> Hi,
> 
> I want to analyze a prerecorded tcpdump file via snort. I checked that
> snort can read pcap files with -r parameter. I want to know whether I
> can send the generated results to MySQL database and see the results
> from BASE interface. 

Yes. If you run Snort as you would any other time in IPS mode "-c", and
simply use the output plugins you have defined in your snort.conf, when
you run Snort with the -r option, it will log the alerts generated from
your pcap normally.


J
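
The following is an added example, not part of the original message or of Snort itself: a small wrapper that confirms snort.conf has an active database output plugin before replaying a capture with the `-c` and `-r` options mentioned above. The file paths, database name, user and password are placeholders, and the `output database:` line assumes the Snort 2.x database plugin syntax.

```shell
#!/bin/sh
# Added example: replay a saved capture through Snort with the normal
# snort.conf so alerts reach the configured output plugins (MySQL for BASE).
# All paths and credentials here are placeholders, not values from the post.

# Print every active (uncommented) "output database:" directive in a config.
db_outputs() {
    grep -E '^[[:space:]]*output[[:space:]]+database:' "$1"
}

# Pre-flight check; prints the command that would be run.
# Returns 2 (config unreadable), 3 (pcap unreadable), 4 (no DB output plugin).
snort_replay_cmd() {
    conf=$1; pcap=$2
    [ -r "$conf" ] || { echo "cannot read config: $conf" >&2; return 2; }
    [ -r "$pcap" ] || { echo "cannot read pcap: $pcap" >&2; return 3; }
    if ! db_outputs "$conf" >/dev/null; then
        echo "no active 'output database:' line in $conf" >&2
        return 4
    fi
    printf 'snort -c %s -r %s\n' "$conf" "$pcap"
}

# Constructed sample snort.conf fragment (assumed Snort 2.x plugin syntax).
# The first line is commented out and must not count as an active plugin.
write_sample_conf() {
    cat > "$1" <<'EOF'
# output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=localhost
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
EOF
}

# Usage: ./replay.sh /path/to/snort.conf /path/to/capture.pcap
if [ "$#" -eq 2 ]; then
    snort_replay_cmd "$1" "$2" || exit $?
    exec snort -c "$1" -r "$2"
fi
```

Packets in a replayed capture keep their original timestamps, so the resulting alerts appear in BASE under the capture's dates rather than the time of the replay.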