Snort mailing list archives
Re: alert tcpdump log file per signature ID
From: Russ via Snort-devel <snort-devel () lists snort org>
Date: Tue, 20 Mar 2018 10:06:13 -0400
The loggers do not track flows so the onus is on the log consumers. What exactly is the issue that you have? Maybe there is some other way to address it.
On 3/20/18 9:45 AM, Ron H via Snort-devel wrote:
Hello, We use Unifed2 packets logging to log our snort rules. Unifed2 log rotates every X MB size by definition. Our system, convert this unifed2 log to Pcap file by SigID and send him to IDS. The problem with Unifed2 logs can cut in the middle the sessions before ended because the logrotate. we interesting to reduce this issue. We would like to know, How we can resolve this issue? One of our solution we thinking is writing log unifed2/Pcap by SignatureID, It can be possible? Thanks!<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virus-free. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- alert tcpdump log file per signature ID Ron H via Snort-devel (Mar 20)
- Re: alert tcpdump log file per signature ID Russ via Snort-devel (Mar 20)