I am interested in using BASE to analyze pcap files post-incident instead of as a sensor. I have been working on using Snort to replay the pcap file and log it to the appropriate database - without success. If someone has worked through this and would be willing to share their experience, I would appreciate it.
What error are you getting with Snort? If Snort is told to read the files and alert based on its rules to a DB, this should work fine.