Snort mailing list archives

RE: Snort outputting like tcpdump


From: Erek Adams <erek () snort org>
Date: Sun, 19 Jan 2003 14:02:42 -0500 (EST)

On Sun, 19 Jan 2003, Christopher Lyon wrote:

> Got it,
> So I would be better off using tcpdump, ethereal or something like that
> to capture what I want and log it to a separate database.

It depends.  Keep in mind that tcpdump can't log to a db.  You'll have to
log to a pcap and then run the pcap thru snort if you want it to go into a
db.

You might be better off to modify the db output plugin.  That way you could
just simply remove the payload from the output.  That would allow you to
still do intrusion detection, while logging everything except the payload
to the DB.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
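
Added example, not part of the original post and not Snort's database output plugin: a Python version of the "pcap first, database second" route described above that stores header fields only and never writes the payload. The table name `pkt`, its columns, the in-memory SQLite default and the sample packet are assumptions constructed for illustration; only classic pcap files with Ethernet/IPv4 TCP or UDP packets are handled.

```python
import sqlite3
import struct

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/TCP packet with a 5-byte payload."""
    payload = b"hello"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + payload
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    rhdr = struct.pack("<IIII", 1043002962, 0, len(frame), len(frame))
    return ghdr + rhdr + frame

def headers_only(pcap):
    """Yield (ts, src, dst, proto, sport, dport, payload_len) per IPv4 TCP/UDP packet."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        pkt = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ihl, proto, l4 = (pkt[14] & 0x0F) * 4, pkt[23], 14 + (pkt[14] & 0x0F) * 4
        if proto == 6 and len(pkt) >= l4 + 20:
            hlen = (pkt[l4 + 12] >> 4) * 4  # TCP data offset, in bytes
        elif proto == 17 and len(pkt) >= l4 + 8:
            hlen = 8  # fixed UDP header size
        else:
            continue
        total_len, = struct.unpack("!H", pkt[16:18])
        sport, dport = struct.unpack("!HH", pkt[l4:l4 + 4])
        src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (26, 30))
        yield ts, src, dst, proto, sport, dport, total_len - ihl - hlen

def log_to_db(pcap, conn=None):
    """Insert header fields only; payload bytes are never written to the table."""
    conn = conn or sqlite3.connect(":memory:")  # assumption: in-memory DB unless one is passed
    conn.execute("CREATE TABLE IF NOT EXISTS pkt (ts, src, dst, proto, sport, dport, payload_len)")
    conn.executemany("INSERT INTO pkt VALUES (?,?,?,?,?,?,?)", headers_only(pcap))
    conn.commit()
    return conn.execute("SELECT * FROM pkt").fetchall()

if __name__ == "__main__":
    print(log_to_db(build_sample_pcap()))
```

Only the payload length is kept, so the stored rows carry the same addressing detail as a tcpdump summary line without the packet contents.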

