Snort mailing list archives

Re: full tcpdump logging with alerting


From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 13 Aug 2001 09:41:28 -0400

Sure, add this rule:

log ip any any -> any any

    -Marty

Ryan.Oliver () pha com au wrote:

Greetings all,

I was wondering if it was possible to run snort logging ALL traffic to
a tcpdump file (not just alerts), while logging alerts etc. to a
database/syslog in real time.

I have my snort.conf file set up for output plugins as such:

output alert_syslog: LOG_AUTH LOG_ALERT
output log_tcpdump: snort.log
output database: log, mysql, user=snort password=xxxxxxxxx dbname=snort host=xxxxxxxx

The reasoning behind wanting to keep full tcpdump logfiles is to be
able to replay whole sessions when anything unusual happens.

I am trying to avoid running both snort and tcpdump together at once...
Any ideas appreciated.

Best regards
Ryan Oliver

--
Martin Roesch
roesch () sourcefire com
http://www.sourcefire.com - http://www.snort.org

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
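Putting Marty's catch-all rule together with the output plugins from the question, the relevant part of snort.conf would look like the fragment below. This is an added example, not configuration from either poster; the password and host keep the placeholder values from the original message, and the `include local.rules` line assumes a rules file of that name holding the ordinary alert rules.

```snort
# snort.conf fragment (added example). Password and host are the
# placeholders from the original message; local.rules is an assumed file
# name for the normal alert rules.

# Alert facility: real-time notification of rule hits.
output alert_syslog: LOG_AUTH LOG_ALERT

# Log facility: every packet that reaches a "log" action is written here
# in tcpdump/pcap format, so it can be read back later with tcpdump -r.
output log_tcpdump: snort.log

# Caveat: the original message attached the database plugin to the "log"
# facility. Combined with the catch-all rule below, that would push every
# packet on the wire into MySQL. Attaching it to the "alert" facility
# keeps the database to alert events only.
output database: alert, mysql, user=snort password=xxxxxxxxx dbname=snort host=xxxxxxxx

# Ordinary detection rules. The "alert" action both alerts and logs the
# packet, so alerted packets also end up in snort.log.
include local.rules

# Marty's catch-all. Snort applies rules in the order alert -> pass -> log
# by default, so this rule never pre-empts an alert; it simply logs every
# packet that triggered no alert. The "ip" protocol keyword means non-IP
# frames (ARP, for example) are not captured.
log ip any any -> any any
```

To replay one session from the resulting file, filter it with a BPF expression, for example `tcpdump -r snort.log host 10.0.0.5 and port 80` (the address and port are illustrative; newer Snort versions append a Unix timestamp to the log file name). Because every packet now hits the log facility, expect the file to grow at the full rate of the monitored link, so plan disk space and rotation accordingly.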
