- Georg Dingler
August 10, 2004, 9:46 pm
..csv support for snort I do like many others - the standard output in
the *.ids files is good enough. But the standard output cannot be read
into a database like MS Access for analyzing purposes. In order to
achieve this goal I wrote a little Freeware tool in C# for converting
the .ids standard output into a .csv structure that can be easily read
with a database like MS Access.
Examples on Athlon 2200, 1 GB RAM:
- 50,000 alerts are converted in 2 seconds (without -v option)
- 2.5 million alerts are converted in a few minutes (with verbose output)
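
The kind of conversion the post describes, as an added example that is not the poster's C# tool or any code from the thread. It assumes the .ids file holds Snort's multi-line "full" alert layout with IPv4 addresses; the function names, column names and sample alerts are constructed for illustration.

```python
import csv, io, re

# Constructed sample; assumes the .ids file uses Snort's full alert layout.
SAMPLE_IDS = """\
[**] [1:1000001:1] Constructed rule, ICMP echo [**]
[Classification: Misc activity] [Priority: 3]
08/10-21:46:01.123456 192.0.2.10 -> 198.51.100.5

[**] [1:1000002:2] Constructed rule "web" [**]
08/10-21:46:02.000001 192.0.2.10:40000 -> 198.51.100.5:80
"""

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*) \[\*\*\]$")
CLASSIF = re.compile(r"\[Classification: ([^\]]*)\]")
PRIORITY = re.compile(r"\[Priority: (\d+)\]")
PACKET = re.compile(r"^(\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+) (\S+) -> (\S+)$")
FIELDS = ["timestamp", "gid", "sid", "rev", "msg", "classification",
          "priority", "src_ip", "src_port", "dst_ip", "dst_port"]

def split_endpoint(text):
    """Split IPv4 'ip:port' into (ip, port); ICMP alerts carry no port."""
    ip, sep, port = text.rpartition(":")
    return (ip, port) if sep else (text, "")

def parse_alerts(lines):
    """Return one dict per alert; each alert starts at a '[**]' header line."""
    alerts = []
    for line in map(str.strip, lines):
        if m := HEADER.match(line):
            alerts.append(dict.fromkeys(FIELDS, ""))
            alerts[-1].update(zip(("gid", "sid", "rev", "msg"), m.groups()))
        elif alerts:  # lines before the first header are ignored
            alert = alerts[-1]
            if m := CLASSIF.search(line):
                alert["classification"] = m.group(1)
            if m := PRIORITY.search(line):
                alert["priority"] = m.group(1)
            if (m := PACKET.match(line)) and not alert["timestamp"]:
                alert["timestamp"] = m.group(1)
                alert["src_ip"], alert["src_port"] = split_endpoint(m.group(2))
                alert["dst_ip"], alert["dst_port"] = split_endpoint(m.group(3))
    return alerts

def ids_to_csv(text):
    # The csv module quotes commas and double quotes inside rule messages.
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(parse_alerts(text.splitlines()))
    return out.getvalue()
```

Rule messages can contain commas and quotes, so the rows are written through a CSV writer rather than joined by hand; otherwise the columns shift when the file is imported into a database.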