Re: alert tcpdump log file per signature ID

[Russ via Snort-devel <snort-devel () lists snort org>]

The loggers do not track flows so the onus is on the log consumers. What 
exactly is the issue that you have?  Maybe there is some other way to 
address it.

On 3/20/18 9:45 AM, Ron H via Snort-devel wrote:
> Hello,
>
> We use Unifed2 packets logging to log our snort rules. Unifed2 log rotates
> every X MB size by definition.
> Our system, convert this unifed2 log to Pcap file by SigID and send him to
> IDS.
>
> The problem with Unifed2 logs can cut in the middle the sessions before
> ended because the logrotate.
> we interesting to reduce this issue.
>
> We would like to know, How we can resolve this issue?
> One of our solution we thinking is writing log unifed2/Pcap by SignatureID, It
> can be possible?
>
> Thanks!
>
>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> 
> 	Virus-free. www.avg.com 
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> 
>
>
>
>
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists snort org
> https://lists.snort.org/mailman/listinfo/snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!