Snort mailing list archives

tcpdump script


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Tue, 7 Apr 2009 17:07:30 -0600

Hi,

I wanted to run tcpdump to capture all traffic on my snort sensor, so that if I want to go take a look at traffic based 
on snort alerts I could get more context.  I've set up a couple of scripts to gzip the packet captures and send them to 
a storage server.  My question is about starting tcpdump itself.  I tried doing it in the same script that starts snort 
and barnyard, but this didn't seem to work and I think it's due to the fact that tcpdump needs to be run as root (?).

So, I've created a root cron job that runs every five minutes and will start tcpdump if it finds it not running (using 
"pidof tcpdump").

Not being a Linux guru, is this the right way to approach this problem?

Thanks,
Shawn
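One way to put the approach described in the post into a single cron-driven script (root cron job, restart tcpdump when it is not running, gzip the rotated captures), written here as an added example and not Shawn's own scripts. The interface `eth0`, the capture directory `/var/log/pcap`, the pidfile path and the unprivileged `tcpdump` user are assumed placeholders; the liveness check uses the script's own pidfile instead of `pidof tcpdump`, so an analyst's ad hoc tcpdump on the same sensor is not mistaken for the capture.

```shell
#!/bin/sh
# Watchdog that keeps a full-packet tcpdump capture running beside a Snort
# sensor. Install in root's crontab, e.g. every five minutes:
#   */5 * * * * /usr/local/sbin/capture-watchdog.sh run
# All paths, the interface and the user below are assumed placeholders.
IFACE="${IFACE:-eth0}"
CAPDIR="${CAPDIR:-/var/log/pcap}"
PIDFILE="${PIDFILE:-/var/run/capture-watchdog.pid}"
DROP_TO="${DROP_TO:-tcpdump}"      # unprivileged user tcpdump drops to (-Z)
ROTATE_SECS="${ROTATE_SECS:-300}"   # start a new file every 5 minutes (-G)

# Liveness check keyed on our own pidfile: true only if the pidfile names a
# process that still exists. kill -0 sends no signal, it only probes the pid.
capture_alive() {
    pidfile="$1"
    [ -r "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# Start tcpdump as root (needed to open the interface), then have it drop to
# $DROP_TO before writing files (-Z). -G rotates on time, -w names each file
# with strftime, -z runs gzip on every closed file. No BPF filter: the goal
# is full context around Snort alerts, not a pre-selected subset.
start_capture() {
    mkdir -p "$CAPDIR"
    chown "$DROP_TO" "$CAPDIR"    # the unprivileged user must be able to write here
    nohup tcpdump -i "$IFACE" -n -s 0 -Z "$DROP_TO" \
        -G "$ROTATE_SECS" -z gzip \
        -w "$CAPDIR/%Y%m%d-%H%M%S.pcap" >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# Idempotent entry point for cron: does nothing while the capture is alive.
ensure_capture() {
    if capture_alive "$PIDFILE"; then
        return 0
    fi
    start_capture
}

if [ "${1:-}" = "run" ]; then
    ensure_capture
fi
```

Cron runs the script every five minutes, so a crashed capture is restarted within one interval; the gzipped, time-stamped files in the capture directory are what a separate copy job ships to the storage server.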
