Snort mailing list archives
RE: Snort outputting like tcpdump
From: Erek Adams <erek () snort org>
Date: Sun, 19 Jan 2003 14:02:42 -0500 (EST)
On Sun, 19 Jan 2003, Christopher Lyon wrote:
> Got it, so I would be better off using tcpdump, ethereal or something like that to capture what I want and log it to a separate database.
It depends. Keep in mind that tcpdump can't log to a db. You'll have to log to a pcap and then run the pcap thru snort if you want it to go into a db.

You might be better off to modify the db output plugin. That way you could just simply remove the payload from the output. That would allow you to still do intrusion detection, while logging everything except the payload to the DB.

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson
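The header-only logging idea from the reply above, as an added example that is not part of the original message and is not Snort's database plugin code: it reads a classic pcap file (the format `tcpdump -w` writes) and stores only IPv4 TCP/UDP header fields in a database, never the payload. SQLite, the `pkt` table layout and the function names are assumptions made for the illustration, and the sample packet is constructed.

```python
import socket, sqlite3, struct

def build_sample_pcap():
    """Constructed input: one Ethernet/IPv4/TCP packet carrying a 5-byte payload."""
    payload = b"hello"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rhdr = struct.pack("<IIII", 1042999362, 0, len(frame), len(frame))
    return ghdr + rhdr + frame

def headers_from_pcap(data):
    """Yield header fields for each IPv4 TCP/UDP packet; payload bytes are never returned."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the capture file
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    off = 24
    while off + 16 <= len(data):
        ts, _usec, caplen, wirelen = struct.unpack(end + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                      # truncated or not IPv4
        proto, l4 = pkt[23], pkt[14 + (pkt[14] & 0x0F) * 4:]
        if proto not in (6, 17) or len(l4) < (14 if proto == 6 else 4):
            continue                      # not TCP/UDP, or L4 header cut short
        sport, dport = struct.unpack("!HH", l4[:4])
        flags = l4[13] if proto == 6 else None
        yield (ts, socket.inet_ntoa(pkt[26:30]), sport,
               socket.inet_ntoa(pkt[30:34]), dport, proto, flags, wirelen)

def log_headers(data, db):
    """Insert one row per packet into the (hypothetical) pkt table; return the row count."""
    db.execute("CREATE TABLE IF NOT EXISTS pkt (ts INTEGER, src TEXT, sport INTEGER, "
               "dst TEXT, dport INTEGER, proto INTEGER, tcp_flags INTEGER, wire_len INTEGER)")
    rows = list(headers_from_pcap(data))
    db.executemany("INSERT INTO pkt VALUES (?,?,?,?,?,?,?,?)", rows)
    db.commit()
    return len(rows)

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    log_headers(build_sample_pcap(), db)
    print(db.execute("SELECT * FROM pkt").fetchall())
```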