Snort mailing list archives
Re: Easy way to output alert and Hex+ASCII pcap data?
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 18 Mar 2013 11:23:01 -0400
On Mar 18, 2013, at 11:15 AM, Mike Cox <mike.cox52 () gmail com> wrote:
I'm looking for an easy way to output (to a text file) the alert data (what you see in alert_full output) as well as a full hex+ASCII dump of the packet(s) that caused the alert. Is there an easy way to do this? I'd rather not have to log alerts to one file and pcap to another and then attempt to merge them. Also, I'd rather not log to a DB or use unified2 and then have to parse unified2; I'd like this to be something I can just configure a sensor to do out of the box and not have to install a bunch of other packages. I'm not expecting it to be efficient or use it in production, just something to make testing easier. I thought there would be an easy way to do this ... am I missing something here?
Something like "-A cmg"?

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
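As an added illustration (not from the thread, and not Snort's own code): a small Python script that emits the combined layout the question asks for, one alert line followed by a hex+ASCII dump of the packet that triggered it, written to a single text file. The alert-line and dump layouts are assumptions that approximate Snort's fast-style alert and packet-dump output, and the packet bytes are constructed, not a real capture.

```python
"""Emit 'alert line + hex/ASCII packet dump' to one text file for test runs.

Assumption: the layouts below approximate Snort's fast-style alert line and
its 'offset: hex bytes  ascii' packet dump; they are not Snort's code.
"""
from datetime import datetime


def hex_ascii_dump(data: bytes, width: int = 16) -> str:
    """Render bytes as lines like '0x0000: 45 00 00 28 ...  E..('."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        # Pad the hex column so the ASCII column lines up on short last rows.
        hexpart = " ".join(f"{b:02X}" for b in chunk).ljust(width * 3 - 1)
        asciipart = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"0x{off:04X}: {hexpart}  {asciipart}")
    return "\n".join(lines)


def format_alert(ts: datetime, sid: int, rev: int, msg: str, proto: str,
                 src: str, dst: str, packet: bytes) -> str:
    """One alert record: fast-style header line, then the packet dump."""
    header = (f"{ts:%m/%d-%H:%M:%S.%f}  [**] [1:{sid}:{rev}] {msg} [**] "
              f"{{{proto}}} {src} -> {dst}")
    return header + "\n" + hex_ascii_dump(packet) + "\n"


def write_alert(path: str, record: str) -> int:
    """Append the record to a text file; returns bytes written."""
    with open(path, "a", encoding="ascii") as fh:
        return fh.write(record + "\n")


# Constructed sample: a fake IPv4 header start plus an HTTP request line.
SAMPLE_PACKET = bytes.fromhex("45000028") + b"GET /test HTTP/1.0\r\n"

if __name__ == "__main__":
    rec = format_alert(datetime(2013, 3, 18, 11, 15, 0, 123456), 1000001, 1,
                       "TEST alert", "TCP", "10.0.0.1:1234", "10.0.0.2:80",
                       SAMPLE_PACKET)
    print(rec)
```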
Current thread:
- Easy way to output alert and Hex+ASCII pcap data? Mike Cox (Mar 18)
- Re: Easy way to output alert and Hex+ASCII pcap data? Joel Esler (Mar 18)
- Re: Easy way to output alert and Hex+ASCII pcap data? Mike Cox (Mar 18)
- Re: Easy way to output alert and Hex+ASCII pcap data? waldo kitty (Mar 18)
- Re: Easy way to output alert and Hex+ASCII pcap data? Joel Esler (Mar 18)