Snort mailing list archives
Re: log single packet vs reassmbled stream
From: Thomas Anderson <neo_ait () yahoo com>
Date: Mon, 4 Oct 2004 03:57:35 -0700 (PDT)
Hi Alex,

First of all, thank you for your quick reply. I know about the tag keyword. Is there any other way so that the entire session can be logged if an alert is generated on any of its packets?

The tag keyword only logs packets after the alert is generated, and that too, I have to specify the number of packets to log afterwards. Actually, I want to log the content of the entire session when any of its packets is alerted.

Regards,
Thomas

"Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk> wrote:

> --On 03 October 2004 20:39 -0700 Thomas Anderson wrote:
>
> > If a packet in a stream gets an alert, will the packet get logged or the stream get logged, or both of them? If the stream4 preprocessor is enabled, what I see is that only the alerted packet is logged. Is there any option to enable the logging of the entire reassembled packet?
>
> Assuming you mean 'entire reassembled session', then what you're after is the tag keyword (note, though, that it cannot go back in time and include packets that were sent before the alert was generated).
>
> > thanks in advance
> > Thomas
>
> Best Regards,
> Alex.
> --
> Alex Butcher: Security & Integrity, Personal Computer Systems Group
> Information Systems and Computing
> GPG Key ID: F9B27DC9
> GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9