[Snort-users] Bulk export?

JoeSox joesox at ...11827...
Tue Jul 10 22:33:34 EDT 2012

Thanks for the response. I ended up just doing a mysql dump and saving the file.
It was a Windows host and on a workgroup so I couldn't use Network
Monitor Agent or other methods. The end user was on the pc at the
Thanks, Joe

On Tue, Jul 10, 2012 at 7:04 PM, waldo kitty <wkitty42 at ...14940...> wrote:
> On 7/9/2012 21:45, JoeSox wrote:
>> Hi,
>> I have been using SNORT for over 2 years now but never figured out the
>> best way to bulk export pcap or all the alert information.
>> Right now I am using SNORT v2.9.2.1-23.nst16 and BASE 1.4.5p1-6.nst16
>> Any tips on this would be a big help. I shut off all the rules and
>> monitored one host for entire work day (around 14,000 alerts) now I
>> need to export that data out for analyzation.
> i wouldn't do anything like that, myself... i'd run snort as configured normally
> and also run TCPDUMP in capture mode for that host machine... then you have ALL
> traffic to and from that host and can then maybe also find stuff that is not
> already known or tracked... this way you can use whatever pcap dump tool you like ;)
> sorry that i don't know anything about BASE or similar... i'm pretty old school
> i guess :|
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list