Snort mailing list archives
Re: Capturing Packets on Demand
From: Chris Green <cmg () uab edu>
Date: Tue, 02 Oct 2001 14:09:45 -0500
"Migus, Adam" <Adam_Migus () NAI com> writes:

> Folks, I'm sure this question has probably been asked many times before but a quick scan of the FAQ revealed nothing so I'll ask again. What I want to do is this: For a given rule when the rule is triggered I want to log in tcpdump

Tagging in 1.8.1 is what you want. Add tag: session, 100, seconds; to whatever rule you want to capture for the next 100 seconds.

> format that packet and each subsequent packet until the connection is terminated. If possible I'd also like it if each time the rule was triggered it would log the binary data to separate logfiles so that each file contained only one trace. The second part is icing on the cake and is not essential.

No icing unless you want the printable type view.

--
Chris Green <cmg () uab edu>
A watched process never cores.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
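The tagging advice in the reply above, written out as a complete rule with tcpdump-format logging. This is an added example, not part of the original thread and not taken from the Snort distribution. The HOME_NET value, the port, the msg text and the log file name are constructed placeholders.

```snort
# Constructed example for a Snort 1.8.1-style snort.conf.
# HOME_NET, the port, the msg text and the log file name are placeholders.
var HOME_NET 192.168.1.0/24

# Write logged packets in tcpdump (pcap) binary format.
# The -b command-line switch selects the same format.
output log_tcpdump: snort.log

# tag: <type>, <count>, <metric>;
#   type   = session  (follow the session that triggered the rule;
#                      "host" is the other type)
#   count  = 100
#   metric = seconds  (keep logging for 100 seconds after the trigger;
#                      "packets" is the other metric)
alert tcp any any -> $HOME_NET 23 (msg:"constructed example: inbound telnet"; flags:S; tag: session, 100, seconds;)
```

All tagged traffic goes to the one binary log, which matches the reply: there is no per-trigger file in tcpdump format.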
Current thread:
- Capturing Packets on Demand Migus, Adam (Oct 02)
- Re: Capturing Packets on Demand Chris Green (Oct 02)