Snort mailing list archives
Re: Snort replay into ACID - Sensor Identification
From: Erek Adams <erek () snort org>
Date: Wed, 8 Jan 2003 11:16:58 -0500 (EST)
On Tue, 7 Jan 2003, Dustin Decker wrote: [...snip...]
> for i in /var/log/snort/local_queue/*; do /usr/sbin/snort -d -c /root/snort/snort.conf -r $i; done
>
> Again - pretty vanilla. Now I'm getting into a situation where I'll be pulling binary files from a handful of hosts, and I don't know how to specify that each represents a different sensor in ACID. Can anyone clue me in on the right way to approach this, or where a doc might be for it?
If you'll check the DB output plugin, you'll see that you can specify the sensor ID in its .conf setup. Now this means you'll have to go from vanilla to chocolate, but that's a good thing. :) One .conf for each box and a "host x.x.x.x" added to the command line would get you fixed right up.

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson
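The per-sensor setup suggested in the reply above, as an added example that is not part of the original thread: each sensor's replay gets its own generated config, with the database output plugin's `sensor_name` parameter set per sensor. The per-host subdirectory layout under the queue, the `CONF_DIR` path and the function names are assumptions.

```shell
#!/bin/sh
# One generated snort.conf per sensor, then replay that sensor's binary logs.
# Assumed layout (not from the thread): $QUEUE/<sensor-name>/<binary log files>
BASE_CONF=${BASE_CONF:-/root/snort/snort.conf}
QUEUE=${QUEUE:-/var/log/snort/local_queue}
CONF_DIR=${CONF_DIR:-/root/snort/sensors}   # hypothetical output directory
SNORT=${SNORT:-/usr/sbin/snort}

# Sensor names come from directory names and end up inside a config file,
# so accept only a conservative character set.
valid_sensor() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print the base config with sensor_name=<name> set on each
# "output database:" line, replacing any sensor_name already there.
sensor_conf() {
    awk -v name="$2" '
        /^[ \t]*output[ \t]+database:/ {
            gsub(/[ \t]*sensor_name=[^ \t]*/, "")
            sub(/[ \t]*$/, "")
            $0 = $0 " sensor_name=" name
        }
        { print }' "$1"
}

# Replay every queued file against its own sensor's config.
# With DRY_RUN set, the snort commands are printed instead of executed.
replay_all() {
    mkdir -p "$CONF_DIR" || return 1
    for dir in "$QUEUE"/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        valid_sensor "$name" || { echo "skipping sensor dir: $name" >&2; continue; }
        conf=$CONF_DIR/$name.conf
        sensor_conf "$BASE_CONF" "$name" > "$conf" || return 1
        for f in "$dir"*; do
            [ -f "$f" ] || continue
            ${DRY_RUN:+echo} "$SNORT" -d -c "$conf" -r "$f"
        done
    done
}

if [ "${1:-}" = "--run" ]; then replay_all; fi
```

Running it with `DRY_RUN=1` and `--run` prints the snort commands without touching the database, which is a quick way to check that every queued file maps to the intended sensor name.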