Snort mailing list archives

Re: snort3 how to Save the attack packet


From: "Katura Harvey (katharve) via Snort-devel" <snort-devel () lists snort org>
Date: Tue, 19 Oct 2021 18:10:48 +0000

Take a look at the logger modules. If you're looking to dump the packet along with the alert, you should be able to use alert_fast with the packet option set to true.

Thanks,
Katura

From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of 文浩 via Snort-devel <snort-devel () lists snort org>
Reply-To: 文浩 <15135147016 () 163 com>
Date: Tuesday, October 19, 2021 at 4:42 AM
To: "snort-devel () lists snort org" <snort-devel () lists snort org>
Subject: [Snort-devel] snort3 how to Save the attack packet


  *   IPS: how to retain attack evidence packets after an alert is generated
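
A snort.lua fragment for the setup suggested in the reply, given here as an added example that is not part of the original emails or the Snort project's shipped configuration. Only alert_fast and its packet option come from the thread; the file and limit options, the sizes, and the log_pcap logger are additions that go beyond it.

```lua
-- snort.lua fragment (added example; values are illustrative)

-- Text alerts with a dump of the triggering packet appended to each alert.
alert_fast =
{
    file = true,    -- write to a file in the log directory instead of stdout
    packet = true,  -- the option named in the reply: dump the packet with the alert
    limit = 100,    -- roll the file over at 100 MB (0 = unlimited)
}

-- Optional second logger: write logged packets in pcap format so the
-- evidence can be opened later in Wireshark or tcpdump.
log_pcap =
{
    limit = 100,    -- roll the capture over at 100 MB (0 = unlimited)
}
```

The log directory is chosen with Snort's -l option on the command line; give it a location with restricted permissions and enough space, since retained packets can contain sensitive payload data.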




