SNORT / Shadow config setting question

["Raven, Mark" <Mark.Raven () thomson com>]

As a follow-up to a SAS70 audit, our auditing firm has requested I cut and
paste to them the lines in the shadow and SNORT config file(s) where it
proves that all packet headers are being logged.
Is any one out there a SNORT and Shadow guru and can point me to the right
file and appropriate lines so I can get this auditor out of my hair? Thanks.




> Mark Raven
> Senior Systems Engineer
> Thomson Legal & Regulatory
Technical Services
> 972-250-7449
Please note my new e-mail address: Mark.Raven () thomson com

This electronic message and all contents contain information which may be
privileged, confidential 
or otherwise protected from disclosure. The information is intended to be
for the addressee only. 
If you are not the addressee, any disclosure, copy, distribution or use of
the contents of this 
message is prohibited. If you have received this electronic message in
error, please notify me 
immediately and destroy the original message and all copies.