raghuni
Importing Snort's tcpdump into mysql
We created the snort database using the schema file "create_mysql" in the MySQL database.
After running snort with the -L option for some time (ex: snort -L tcpdump.log), we want to import the data in tcpdump.log into the snort database which we created earlier in MySQL. How to do that?
If you configure snort to log everything to MySQL according to the docs you should be able to reread
the binary log with 'snort -r tcpdump.log' to process all packets again and get them into the database.
The file has tcpdump format, ethereal et al can read them, but packets are encapsulated within a
"SNORT-protocol" that shows up as ip-proto-255 with some cause code appended.
ASKER
I already had some tcpdump file. I want to dump the content of this file into the snort database.
ASKER CERTIFIED SOLUTION
along:
output database: log, mysql, dbname=snort, username=snort.....
or
output database: alert, mysql, dbname=snort, username=snort, password=....
If everything has been installed correctly there is a configuration description in the file called README.database
then everything will be put into the database by snort itself....... No need to import.
In the meantime I will look if I can find a solution to the actual question..... ;-)
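Since the answers above say the -L file is plain tcpdump (libpcap) format, a quick sanity check before replaying it with 'snort -r' is to walk its global header and packet records yourself. The parser below is an added example, not code from either poster or from Snort; it reads the classic libpcap layout (24-byte global header, 16-byte record headers), rejects truncated or inconsistent files, and tallies the IPv4 protocol numbers so the ip-proto-255 frames mentioned above stand out. The sample file it builds is constructed in code, not a real Snort capture.

```python
import struct
from collections import Counter

PCAP_HDR = "IHHiIII"  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PKT_HDR = "IIII"      # ts_sec, ts_usec, incl_len, orig_len
LINKTYPE_ETHERNET = 1

def parse_pcap(data):
    """Parse a classic libpcap (tcpdump -w / snort -L) file into (linktype, [frame_bytes])."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    if data[:4] == b"\xd4\xc3\xb2\xa1":      # written by a little-endian host
        end = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":    # written by a big-endian host
        end = ">"
    else:
        raise ValueError("bad magic %r: not a tcpdump-format file" % data[:4])
    _magic, _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(end + PCAP_HDR, data[:24])
    frames, off = [], 24
    while off < len(data):                   # walk the per-packet records
        if off + 16 > len(data):
            raise ValueError("truncated packet header at offset %d" % off)
        _ts, _us, incl, orig = struct.unpack(end + PKT_HDR, data[off:off + 16])
        if incl > snaplen or incl > orig or off + 16 + incl > len(data):
            raise ValueError("bad packet length at offset %d" % off)
        frames.append(data[off + 16:off + 16 + incl])
        off += 16 + incl
    return linktype, frames

def ip_proto_histogram(data):
    """Count the IPv4 protocol number of each Ethernet/IPv4 frame (e.g. to spot proto 255)."""
    linktype, frames = parse_pcap(data)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here, got %d" % linktype)
    hist = Counter()
    for f in frames:
        if len(f) >= 34 and f[12:14] == b"\x08\x00" and f[14] >> 4 == 4:
            hist[f[23]] += 1                 # IP header byte 9 = protocol
    return dict(hist)

def build_sample_pcap():
    """Constructed sample (not a real Snort log): one TCP frame and one with IP proto 255."""
    def frame(proto):
        ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, proto, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2])
        return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * 20
    out = struct.pack("<" + PCAP_HDR, 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, proto in enumerate((6, 255)):
        f = frame(proto)
        out += struct.pack("<" + PKT_HDR, 1000 + i, 0, len(f), len(f)) + f
    return out
```

Run ip_proto_histogram(open("tcpdump.log", "rb").read()) on a real -L file; a ValueError means the log is damaged and 'snort -r' will not replay it cleanly into the database.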