Snort mailing list archives
Re: simple quick question
From: Jed Haile <jed () grep net>
Date: Thu, 14 Jun 2001 08:09:47 -0600
Short answer: You can't. At least not in the alert file.

Long answer: Try using a -b on the command line or put:

    output log_tcpdump: tcpdump.log

into your configuration file. This will cause snort to log the packets in tcpdump format into your log dir. You can then use snort -dv -r <tcpdump log file> to look at the packets. Or you can use ethereal or any of the many other tools that work with tcpdump files.

Have fun,
Jed

On Thursday 14 June 2001 02:09 am, you wrote:
I've configured snort so that it will log to MySQL and the /var/log/snort/alert file. When there is an alert found that I want to know more about, I have a look at the payload and IP numbers, etc. via the Acid GUI. When I have a look at the alert file I can't find any payload information. I played with some configuration settings but I can't get snort to log the payload in the alert file. Does anybody have an idea?

Thanks,
Roeland

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
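Added example, not part of the original message or of Snort's code: a minimal Python reader for the tcpdump-format file that `-b` or `output log_tcpdump` produces, pulling out the TCP payload that the alert file does not carry. The capture is constructed in `build_sample()`, the function names are this example's own, and only classic pcap files with Ethernet framing and IPv4/TCP packets are handled.

```python
import struct

def read_pcap(data):
    """Yield the captured frame bytes of each record in a classic libpcap file."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written in little-endian byte order
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap (tcpdump) file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    off = 24                           # records follow the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def tcp_payload(frame):
    """Return (src, sport, dst, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:  # IPv4 carrying TCP only
        return None
    ihl = (ip[0] & 0x0F) * 4
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]   # trim Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    addr = lambda b: ".".join(map(str, b))
    return addr(ip[12:16]), sport, addr(ip[16:20]), dport, tcp[(tcp[12] >> 4) * 4:]

def build_sample():
    """Constructed one-packet capture (checksums left at zero)."""
    data = b"GET /index.html HTTP/1.0\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + tcp
    frame = bytes(12) + b"\x08\x00" + ip
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return ghdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def payloads(data):
    """All TCP segments in the capture that parse, in file order."""
    return [p for p in map(tcp_payload, read_pcap(data)) if p]

if __name__ == "__main__":
    for src, sport, dst, dport, body in payloads(build_sample()):
        print(f"{src}:{sport} -> {dst}:{dport} {body!r}")
```

To run it against a real log, pass the file's bytes (`open(path, "rb").read()`) to `payloads()` in place of `build_sample()`.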
Current thread:
- simple quick question Roeland Weve (Jun 14)
- Re: simple quick question Jed Haile (Jun 14)