Snort mailing list archives
spo_log_tcpdump plugin
From: Joel Healy <Joel.Healy () amphenderson co nz>
Date: Thu, 5 Dec 2002 15:07:30 +1300
Hi, I am looking at using the TCPDUMP ouput log plugin and no problems with the TCPDUMP files created, however i have noticed that hogwash only writes to the output file when the process is stopped. Is there any configuration that enables the writing of the TCPDUMP file with a certain frequency? The reason i ask is that i am looking to scp the TCPDUMP files to a central correlation point where i then snort -X -r them so they can be served up via http (linked to by Snortsnarf). Now the bit that may complicate matters is that i actually talking about snort 1.8.6 libraries that are used with Hogwash.. cheers joel ------- (This e-mail message and any accompanying attachments may contain information that is confidential and subject to legal privilege. If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments. If you have received this message in error, please delete the message and, if convenient, inform the sender as soon as possible.) ------------------------------------------------------- This SF.net email is sponsored by: Microsoft Visual Studio.NET comprehensive development tool, built to increase your productivity. Try a free online hosted session at: http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- spo_log_tcpdump plugin Joel Healy (Dec 04)