Snort mailing list archives

Mudpit & pcap.


From: Chris Keladis <chris () cmc optus net au>
Date: Tue, 08 Jun 2004 22:36:30 +1000

Hi all,

Hopefully this won't be considered too off-topic.

I was wondering if anyone has configured mudpit (unified output processor) to output pcaps as well as doing full logging/alerting to the database?

I've got it logging to the database correctly, but couldn't see any examples of writing pcaps in tandem.

I'm considering possibly going back to Barnyard, but I'm not sure whether, since 0.1.0, it captures both the log and alert streams like mudpit does. I can see an option to output pcap and database with Barnyard.

It's nice to surf about the front-end and look at the data in there, and then at less frequent intervals peruse the pcaps to drill-down on events, or use in forensic work.




Thanks,

Chris.
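The drill-down workflow the post describes (find an event in the database front-end, then pull the surrounding packets out of the pcap for forensic work) can be scripted against the classic libpcap file format that Snort, mudpit and Barnyard all write. The following is an added example, not code from the post, from mudpit or from Barnyard: it writes and reads classic pcap files in pure Python (both byte orders), and slices out the packets within a time window around an event timestamp. The event timestamp arguments, the window sizes and the sample packets are constructed here for illustration; in practice the seconds/microseconds would come from the event row in the Snort database.

```python
import io
import struct

# Classic libpcap (tcpdump) file format constants; these come from the format
# itself, not from mudpit or Barnyard.
PCAP_MAGIC = 0xA1B2C3D4
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")         # ts_sec, ts_usec, incl_len, orig_len
LINKTYPE_ETHERNET = 1


def write_pcap(packets, linktype=LINKTYPE_ETHERNET, snaplen=65535):
    """Serialise (ts_sec, ts_usec, bytes) tuples as a little-endian pcap file."""
    out = io.BytesIO()
    out.write(GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, data in packets:
        # incl_len == orig_len because we never truncate the constructed frames
        out.write(REC_HDR.pack(ts_sec, ts_usec, len(data), len(data)))
        out.write(data)
    return out.getvalue()


def read_pcap(blob):
    """Parse a classic pcap blob of either byte order.

    Returns (linktype, snaplen, [(ts_sec, ts_usec, bytes), ...]) so that a
    slice can be written back out with a matching global header.
    """
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (bad magic 0x%08x)" % magic)
    ghdr = struct.Struct(endian + "IHHiIII")
    rhdr = struct.Struct(endian + "IIII")
    _, _, _, _, _, snaplen, linktype = ghdr.unpack_from(blob, 0)
    packets = []
    off = ghdr.size
    while off + rhdr.size <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = rhdr.unpack_from(blob, off)
        off += rhdr.size
        if off + incl_len > len(blob):
            # A crashed sensor commonly leaves a half-written last record.
            raise ValueError("truncated packet record at offset %d" % off)
        packets.append((ts_sec, ts_usec, blob[off:off + incl_len]))
        off += incl_len
    return linktype, snaplen, packets


def slice_around_event(blob, ts_sec, ts_usec, before=1.0, after=1.0):
    """Return a new pcap holding only the packets in [event-before, event+after].

    ts_sec/ts_usec are the event timestamp as stored by Snort; the comparison
    is done in integer microseconds to avoid float rounding at the edges.
    """
    linktype, snaplen, packets = read_pcap(blob)
    centre = ts_sec * 1_000_000 + ts_usec
    lo = centre - int(before * 1_000_000)
    hi = centre + int(after * 1_000_000)
    keep = [p for p in packets if lo <= p[0] * 1_000_000 + p[1] <= hi]
    return write_pcap(keep, linktype, snaplen)


def _frame(payload):
    """Constructed minimal Ethernet frame (fake MACs, IPv4 ethertype)."""
    return bytes.fromhex("00112233445500aabbccddee0800") + payload


# Constructed sample capture: four frames, one of which is 8.5 s after the rest.
SAMPLE_PCAP = write_pcap([
    (1000, 0,      _frame(b"before")),
    (1001, 500000, _frame(b"event")),
    (1002, 0,      _frame(b"after")),
    (1010, 0,      _frame(b"unrelated")),
])


def demo():
    """Slice +/-1 s around a hypothetical event at 1001.500000; returns kept timestamps."""
    sliced = slice_around_event(SAMPLE_PCAP, 1001, 500000, before=1.0, after=1.0)
    _, _, packets = read_pcap(sliced)
    return [(s, u) for s, u, _ in packets]


if __name__ == "__main__":
    print(demo())
```

The output of `slice_around_event` is itself a valid pcap, so it can be handed straight to tcpdump, Ethereal or any other decoder; reading through `read_pcap` rather than seeking by offset also means a truncated final record is reported instead of silently yielding garbage.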


