RE: Weird question

["Schmehl, Paul L" <pauls () utdallas edu>]

> -----Original Message-----
> From: Erek Adams [mailto:erek () snort org] 
> Sent: Tuesday, August 05, 2003 9:36 AM
> To: Schmehl, Paul L
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Weird question
>
> Not that wierd of a question.  :)
>
> Short answer:  No.
>
> Long answer:  The entire stream isn't saved to the DB.  Only 
> the packet that caused the alert.  This is where saving the 
> alerting packets to binary (pcap) form is handy.  I'd suggest 
> begging, borrowing, or stealing more disk space and running 
> double logging.  One to DB, one to pcap.
Actually, I think I'll just switch to squil.  (Furiously looking for a
time slot to do all that work....)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users