Snort mailing list archives

Re: Capturing Packets on Demand


From: Chris Green <cmg () uab edu>
Date: Tue, 02 Oct 2001 14:09:45 -0500

"Migus, Adam" <Adam_Migus () NAI com> writes:

> Folks,
> I'm sure this question has probably been asked many times before but
> a quick scan of the FAQ revealed nothing so I'll ask again.
> What I want to do is this:
> For a given rule when the rule is triggered I want to log in tcpdump

Tagging in 1.8.1 is what you want.

add tag: session, 100, seconds; to whatever rule you want to capture
for the next 100 seconds.

> format that packet and each subsequent packet until the connection is
> terminated.  If possible I'd also like it if each time the rule was
> triggered it would log the binary data to separate logfiles so that
> each file contained only one trace.  The second part is icing on the
> cake and is not essential.

No icing unless you want the printable type view.

-- 
Chris Green <cmg () uab edu>
A watched process never cores.
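An added example, not from the original post or from the Snort project, showing the tag option Chris describes in a complete rule together with the output configuration needed to get the alerting packet and the rest of the tagged session written in tcpdump format. The rule header, content string, port, message text and file names are assumptions chosen for illustration; only the tag syntax (tag: session, 100, seconds;) comes from the post.

```snort
# snort.conf fragment (assumed settings, not from the post)
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET

# Write logged packets (including tagged follow-on packets) in
# tcpdump/pcap format so they can be replayed with tcpdump -r.
output log_tcpdump: tagged-sessions.log

# When this rule fires, log the triggering packet and then every further
# packet belonging to the same session for the next 100 seconds.
# (hypothetical rule: FTP USER command on port 21)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 \
    (msg:"FTP login seen - capturing session"; \
     flags:A+; content:"USER "; nocase; \
     tag: session, 100, seconds;)

# Equivalent command line if you prefer the -b flag to an output plugin:
#   snort -c snort.conf -l /var/log/snort -b
```

The second form of the tag metric is packets rather than seconds (for example tag: session, 50, packets;), which bounds the capture by count instead of time. Either way the tagged packets land in the same tcpdump-format log as the alert that started them; as Chris notes, there is no option to split each triggered session into its own file.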

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
