Ethereal-dev: Re: [Ethereal-dev] Acid for tethereal (complete)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jason House <jhouse@xxxxxxxxx>
Date: Sat, 07 Dec 2002 14:11:44 -0500
If you can bzgrep for the packets, couldn't you also supply a read
filter to tethereal? (command line option -R)

I'd also ask, what kind of database and what kind of searching?  I am
not familiar with Snort/Acid (and somehow don't think a web search for
"snort acid" would give me the desired results)

It seems that the protocolinfo tap (combined with a read filter) would
add extra (useful?) information to your bz2 files.
(-z proto,colinfo,<filter>,<field>)

Formal dumping of packet information to a database (SQL?) is on the todo
list for ethereal.  At the moment, a very basic form could be made with
a tap listener that writes per-packet information to a file other than
standard out.

If you wanted to write such a tap, tap-protocolinfo.c would be a good
starting point...



Jaime Fournier wrote:
> 
> Everyone,
> I am looking to record packets, and
> store certain ones in a db in realtime somewhat like
> Snort/Acid. Acid being the interface to the database.
> Actually I guess I am looking to see if anyone else
> does packet logging with ethereal/tethereal, and then
> stores it in some format that can be searched etc.
> Otherwise I will keep my hourly bz2 rollup of the
> collinfo stuff, and just bzgrep it.
> 
> Thanks in advance.
> 
> Jaime Fournier
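One way to get from the bzgrep'ed colinfo rollup to something searchable, as an added example that is not from this thread or the Ethereal project: it parses tethereal one-line summaries (with the `field == value` text that `-z proto,colinfo,<filter>,<field>` appends to the Info column) and loads them into a SQLite database that can be queried per frame or per tagged field. The sample lines are constructed, and the layout assumed is tethereal's default `frame time src -> dst proto info` summary.

```python
import re
import sqlite3

# Constructed sample of tethereal summary lines. The trailing "tcp.dstport == N"
# is what the proto,colinfo tap appends to the Info column when run as, e.g.,
#   tethereal -R 'tcp.port == 80' -z proto,colinfo,tcp.port==80,tcp.dstport
SAMPLE = """\
  1 0.000000 192.168.1.5 -> 192.168.1.1 TCP 3456 > 80 [SYN] Seq=0 Win=5840 Len=0  tcp.dstport == 80
  2 0.000412 192.168.1.1 -> 192.168.1.5 TCP 80 > 3456 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0  tcp.dstport == 3456
  3 0.000650 192.168.1.5 -> 192.168.1.1 HTTP GET /index.html HTTP/1.1  tcp.dstport == 80
"""

# frame, relative time, src -> dst, protocol, then everything else is the Info column
SUMMARY_RE = re.compile(r'^\s*(\d+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+(.*)$')
# "proto.field == value" pairs appended to Info by the colinfo tap
FIELD_RE = re.compile(r'([\w.]+) == (\S+)')


def parse_summary(line):
    """Split one summary line into (frame, time, src, dst, proto, info, fields) or None."""
    m = SUMMARY_RE.match(line)
    if not m:
        return None
    frame, rel_time, src, dst, proto, info = m.groups()
    fields = dict(FIELD_RE.findall(info))
    return int(frame), float(rel_time), src, dst, proto, info.strip(), fields


def load_db(text):
    """Load summary lines into an in-memory SQLite db: one packet row, one row per tagged field."""
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE packet (frame INTEGER PRIMARY KEY, ts REAL, src TEXT, '
               'dst TEXT, proto TEXT, info TEXT)')
    db.execute('CREATE TABLE field (frame INTEGER, name TEXT, value TEXT)')
    for line in text.splitlines():
        rec = parse_summary(line)
        if rec is None:          # skip headers, blank lines, anything not a summary
            continue
        frame, ts, src, dst, proto, info, fields = rec
        db.execute('INSERT INTO packet VALUES (?,?,?,?,?,?)', (frame, ts, src, dst, proto, info))
        db.executemany('INSERT INTO field VALUES (?,?,?)',
                       [(frame, k, v) for k, v in fields.items()])
    db.commit()
    return db


def frames_with(db, name, value):
    """Frames whose colinfo tag matched name == value, e.g. frames_with(db, 'tcp.dstport', '80')."""
    rows = db.execute('SELECT frame FROM field WHERE name=? AND value=? ORDER BY frame',
                      (name, value))
    return [r[0] for r in rows]
```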