[Snort-users] Snort's Test Logger

Ibrahim Ahmed ibrahim10.h at gmail.com
Fri May 18 19:35:05 EDT 2018


Hello everyone,

With the Darpa99 dataset, I'm trying to discern packets responsible for
triggering each alert that snort produces on the dataset.

I've read online that Snort's test logger (running snort with '-A test')
produces the packet number for each alert that is triggered.

However, the test logger gives me packet numbers as high as ~1.6 million,
whereas my dataset has only 22,000 packets.

Has anyone done this packet-to-alert correlation before?

Many thanks,
Ibrahim
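The correlation asked about above, as an added example that is not part of the original post and not Snort project code. It assumes the tab-separated layout of Snort 2's test logger (`<packet number>\t<gid>\t<sid>\t<rev>\t<msg>`, packet number being Snort's running 1-based count of packets read, with `msg` enabled) and classic libpcap input; the sample alert lines and the in-memory pcap are constructed here. The `first_packet_number` parameter is an assumed rebasing knob for when the count did not start at 1 for the file being examined (for instance when several pcaps were fed to one run), and the out-of-range case reproduces the symptom described in the post.

```python
"""Map Snort '-A test' alert lines to frame numbers in a pcap (added example)."""
import struct
from dataclasses import dataclass

PCAP_MAGIC = 0xA1B2C3D4          # classic libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


@dataclass
class Frame:
    number: int                  # 1-based, same numbering Wireshark shows as frame.number
    ts: float
    data: bytes


def build_pcap(payloads):
    """Constructed test input: a classic pcap blob wrapping the given raw frames."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, p in enumerate(payloads):
        out += struct.pack("<IIII", 1_500_000_000 + i, 0, len(p), len(p)) + p
    return out


def read_pcap(blob):
    """Parse a classic pcap blob into Frame objects, honouring the byte order the magic implies."""
    if blob[:4] == struct.pack("<I", PCAP_MAGIC):
        endian = "<"
    elif blob[:4] == struct.pack(">I", PCAP_MAGIC):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng or unknown magic)")
    off, frames = 24, []
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        if off + incl_len > len(blob):
            raise ValueError("truncated packet record at frame %d" % (len(frames) + 1))
        frames.append(Frame(len(frames) + 1, ts_sec + ts_usec / 1e6, blob[off:off + incl_len]))
        off += incl_len
    return frames


def parse_test_alerts(text):
    """Parse '-A test' lines into (packet_number, gid, sid, rev, msg); assumed tab layout."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        nums = [int(x) for x in fields[:4]]            # packet number, then gid/sid/rev if present
        gid, sid, rev = (nums[1:4] + [None] * 3)[:3]
        msg = fields[4] if len(fields) > 4 else ""
        alerts.append((nums[0], gid, sid, rev, msg))
    return alerts


def correlate(alerts, frames, first_packet_number=1):
    """Join alerts to frames by Snort's packet number.

    first_packet_number (assumed knob) rebases the count when this pcap was not
    the first input Snort read. Returns (matched, unmatched): matched maps a
    packet number to [(alert, Frame), ...] since one packet can raise several
    alerts; unmatched holds alerts whose number does not fall inside this file.
    """
    matched, unmatched = {}, []
    for a in alerts:
        idx = a[0] - first_packet_number                # 0-based index into frames
        if 0 <= idx < len(frames):
            matched.setdefault(a[0], []).append((a, frames[idx]))
        else:
            unmatched.append(a)
    return matched, unmatched


# Constructed sample: five 61-byte frames whose last byte is the frame index.
SAMPLE_PCAP = build_pcap([b"\x00" * 60 + bytes([i]) for i in range(5)])
SAMPLE_ALERTS = (
    "3\t1\t1000001\t1\tCONSTRUCTED alert on frame 3\n"
    "3\t1\t1000002\t1\tCONSTRUCTED second alert on the same frame\n"
    "5\t1\t1000003\t1\tCONSTRUCTED alert on the last frame\n"
    "1600000\t1\t1000004\t1\tCONSTRUCTED packet number beyond the end of the file\n"
)


def run_sample():
    frames = read_pcap(SAMPLE_PCAP)
    matched, unmatched = correlate(parse_test_alerts(SAMPLE_ALERTS), frames)
    return frames, matched, unmatched


if __name__ == "__main__":
    frames, matched, unmatched = run_sample()
    for pkt in sorted(matched):
        for (_, gid, sid, rev, msg), fr in matched[pkt]:
            print(f"frame {fr.number} ts={fr.ts:.6f} len={len(fr.data)} -> {gid}:{sid}:{rev} {msg}")
    for a in unmatched:
        print(f"packet number {a[0]} is outside this file's {len(frames)} frames: {a[4]}")
```

Run it against a real capture by replacing `SAMPLE_PCAP` with the file's bytes and `SAMPLE_ALERTS` with the test logger's output; any alert that lands in `unmatched` is one whose packet number cannot be a frame of that file, which is the first thing to check before trusting the mapping.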