Snort mailing list archives
Re: tcpdump file analysis
From: Joel Esler <jesler () sourcefire com>
Date: Sun, 3 May 2009 04:32:45 -0400
Oguz Yarimtepe said:
Hi, I want to analyze a prerecorded tcpdump file via snort. I checked that snort can read pcap files with -r parameter. I want to know whether i can send the generated results to mysql database and see the results from base interface.
Yes, If you run Snort as you would any other time in IPS mode "-c", and simply use the output plugins you have defined in your snort.conf, when you run Snort with the -r option, it will log the alerts generated from your pcap normally. J
Attachment:
_bin
Description:
------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- tcpdump file analysis Oguz Yarimtepe (May 03)
- Re: tcpdump file analysis Nigel Houghton (May 03)
- Re: tcpdump file analysis Joel Esler (May 03)
- Re: tcpdump file analysis Oguz Yarimtepe (May 03)