Snort mailing list archives
Re: is it possible to get pcap logs in individual directories?
From: Jon <warchild () spoofed org>
Date: Tue, 11 Feb 2003 12:57:33 -0500
On Tue, Feb 11, 2003 at 09:47:36AM -0800, twig les wrote:
> Snort *may* have what you're looking for, if what you're looking
> for is this (from snort.conf):
>
> # You can optionally define new rule types and associate one or
> # more output plugins specifically to that type.
> #
> # This example will create a type that will log to just tcpdump.
> # ruletype suspicious
> # {
> #   type log
> #   output log_tcpdump: suspicious.log
> # }
> #
> # EXAMPLE RULE FOR SUSPICIOUS RULETYPE:
> # suspicious $HOME_NET any -> $HOME_NET 6667 (msg:"Internal IRC Server";)
>
> I use this for some stupid traffic that sometimes precedes a system
> crash on a problematic box. I just specify the full path
> of the file I want to create. Although I can see where this

Yeah, I'm pretty sure this'd still just get me a single file with all the
alerts in it, and not in its own directory. If worse came to worse, though,
it seems that all the bits and pieces to get what I want exist in the Snort
code base, so hacking something up might not be out of the question.

Thanks,

-jon
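
Added example (not part of the original message and not Snort code): a post-processing script that splits the single file written by log_tcpdump into one directory per source IP, each holding its own valid pcap. Keying the directories on source IP, the snort.pcap file name and the sample capture are assumptions constructed for illustration; the thread does not say how the directories should be keyed.

```python
import os, socket, struct, tempfile

def split_pcap_by_src(pcap_bytes, out_root):
    """Copy each record of a classic libpcap file to <out_root>/<src-ip>/snort.pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic libpcap file")
    global_hdr = pcap_bytes[:24]
    if struct.unpack(endian + "I", global_hdr[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts, off = {}, 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        record = pcap_bytes[off:off + 16 + incl_len]
        if len(record) < 16 + incl_len:
            break  # truncated final record: stop rather than write a bad file
        frame = record[16:]
        off += len(record)
        # Ethernet II carrying IPv4: source address sits at frame bytes 26..29.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            key = socket.inet_ntoa(frame[26:30])
        else:
            key = "other"  # ARP, IPv6, VLAN-tagged frames, runts
        path = os.path.join(out_root, key, "snort.pcap")  # hypothetical file name
        os.makedirs(os.path.dirname(path), exist_ok=True)
        is_new = not os.path.exists(path)
        with open(path, "ab") as fh:
            if is_new:
                fh.write(global_hdr)  # every output file must be a valid pcap
            fh.write(record)
        counts[key] = counts.get(key, 0) + 1
    return counts

def sample_pcap():
    """Constructed capture: three bare Ethernet/IPv4 frames from two hosts."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, src in enumerate(["10.0.0.5", "10.0.0.9", "10.0.0.5"]):
        ip = (b"\x45\x00\x00\x14" + b"\x00" * 8
              + socket.inet_aton(src) + socket.inet_aton("10.0.0.1"))
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 1000000000 + i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(split_pcap_by_src(sample_pcap(), tempfile.mkdtemp()))
```

The directory name comes only from inet_ntoa() or the literal "other", so packet contents cannot steer where files are written.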