Snort mailing list archives
Re: tcpdump script
From: Joel Esler <eslerj () gmail com>
Date: Tue, 7 Apr 2009 19:46:50 -0400
Excellent point. Same thing, just with Daemonlogger. Excellent. On Tue, Apr 7, 2009 at 7:28 PM, Jason Brvenik <jasonb () sourcefire com> wrote:
You might want to check out daemonlogger instead. It is more specifically designed for that purpose. http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html On Tue, Apr 7, 2009 at 7:07 PM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:Hi, I wanted to run tcpdump to capture all traffic on my snort sensor, so that if I want to go take a look at traffic based on snort alerts I could get more context. I’ve setup a couple of scripts to gzip the packet captures and send them to a storage server. My question is about starting tcpdump itself. I tried doing it in the same script that starts snort and barnyard, but this didn’t seem to work and I think it’s due to the fact that tcpdump needs to be run as root (?). So, I’ve created a root cron job that runs every five minutes will start tcpdump if it finds it not running (using “pidof tcpdump”). Not being a linux guru, is this the right way to approach this problem? Thanks, Shawn ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974 ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- tcpdump script Jefferson, Shawn (Apr 07)
- Re: tcpdump script Joel Esler (Apr 07)
- Re: tcpdump script Jason Brvenik (Apr 07)
- Re: tcpdump script Joel Esler (Apr 07)
- Re: tcpdump script Bamm Visscher (Apr 07)
- <Possible follow-ups>
- Re: tcpdump script Nathaniel Richmond (Apr 07)
- Re: tcpdump script Leon Ward (Apr 08)
- Re: tcpdump script Jack Pepper (Apr 08)
- Re: tcpdump script Leon Ward (Apr 08)
- Re: tcpdump script Jason Brvenik (Apr 08)
- Re: tcpdump script Leon Ward (Apr 09)
- Re: tcpdump script John Hally (Apr 08)
- Re: tcpdump script Leon Ward (Apr 08)
- Re: tcpdump script Nathaniel Richmond (Apr 08)
- Re: tcpdump script Nigel Houghton (Apr 08)