Re: [Snort-users] tcpdump file analysis

From: Joel Esler <jesler_at_nospam>
Date: Sun May 03 2009 - 08:32:45 GMT
To: Oguz Yarimtepe <comp.ogz@gmail.com>

Oguz Yarimtepe said:
> Hi,
>
> I want to analyze a prerecorded tcpdump file via snort. I checked that
> snort can read pcap files with -r parameter. I want to know whether i
> can send the generated results to mysql database and see the results
> from base interface.

Yes, If you run Snort as you would any other time in IPS mode "-c", and simply use the output plugins you have defined in your snort.conf, when you run Snort with the -r option, it will log the alerts generated from your pcap normally.

Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

This message: [ Message body ]
Next message: Oguz Yarimtepe: "Re: [Snort-users] tcpdump file analysis"
Previous message: Nigel Houghton: "Re: [Snort-users] tcpdump file analysis"
In reply to: Oguz Yarimtepe: "[Snort-users] tcpdump file analysis"
Next in thread: Oguz Yarimtepe: "Re: [Snort-users] tcpdump file analysis"
Reply: Oguz Yarimtepe: "Re: [Snort-users] tcpdump file analysis"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]