Snort mailing list archives
RE: Rules Question
From: "Nelson, Ben" <bnelson () rightnow com>
Date: Tue, 5 Aug 2003 18:54:03 -0600

Try increasing the snap-length using the '-P' option. If you set this to 0, you'll capture whole packets, but you may be able to tune the snap length up enough to get the information you want without logging the entirety of every packet.

--Ben

-----Original Message-----
From: Stevo [mailto:checkpoint () ozbergs com]
Sent: Tuesday, August 05, 2003 6:13 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Rules Question

I'm creating some new rules to use... I'm looking for certain keywords in packets and have got the rule working, but I'm interested in seeing more of the Payload... right now I'm just getting the line that includes that keyword... how can I tell ACID to show me 10 lines on either side of the keyword for example??

Stevo