Snort mailing list archives
Re: Snort /var/log/snort/tcpdump<>
From: Eoin Miller <eoin.miller () trojanedbinaries com>
Date: Tue, 27 Dec 2011 00:50:21 -0500
Are there multiple alerts for the same session? There appears to be a bug where only the first alert has logged packets in the unified2 output. This could be the same issue affecting the PCAP output.

-- Eoin

On Dec 26, 2011, at 10:52 PM, amN0P () me com wrote:
Hi everyone,

I am sending Snort alerts to a central syslog server. If I want more insight I go to the /var/log/snort/tcpdumpxxx pcap files to learn what triggered the alert. Many a time I don't see an equivalent pcap log for a syslog alert. What do these tcpdump pcap files contain and not contain? Do they have full packet dumps of all alerts triggered from rules files but not from SO rules? Can someone please clarify.

Thanks.
-Ams

------------------------------------------------------------------------------
Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
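The unified2 behaviour Eoin describes (only the first alert of a session carrying a logged packet) can be verified directly against a sensor's unified2 spool rather than inferred from gaps in the pcap output, because unified2 packet records carry the sensor_id/event_id of the event they belong to while a log_tcpdump pcap does not. The following is an added example, not code from this thread or from the Snort project: a minimal unified2 reader in Python that pairs IDS event records (type 7) with packet records (type 2) and lists the events that have no packet record at all. Record layouts follow Snort's legacy IPv4 IDS event (52 bytes) and packet structures, all big-endian. The sample spool bytes are constructed inline (two alerts on one TCP session, a packet record for only the first) to stand in for a real file such as one written by an assumed `output unified2: filename snort.log` configuration; `check_file` is a hypothetical helper for pointing the same check at a real file.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Unified2 record types (values from Snort's Unified2_common.h)
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

# Every record starts with a big-endian header: record type, body length.
RECORD_HDR = struct.Struct("!II")
# Legacy IPv4 IDS event body: 11 x uint32, 2 x uint16, 4 x uint8 = 52 bytes
# (sensor_id, event_id, event_second, event_microsecond, signature_id,
#  generator_id, signature_revision, classification_id, priority_id,
#  ip_source, ip_destination, sport_itype, dport_icode, protocol,
#  impact_flag, impact, blocked)
IDS_EVENT = struct.Struct("!IIIIIIIIIIIHHBBBB")
# Packet record fixed part: 7 x uint32 = 28 bytes, then packet_data
# (sensor_id, event_id, event_second, packet_second, packet_microsecond,
#  linktype, packet_length)
PACKET_HDR = struct.Struct("!IIIIIII")


@dataclass
class Event:
    sensor_id: int
    event_id: int
    gid: int
    sid: int
    packets: int = 0  # number of UNIFIED2_PACKET records referencing this event


def parse_unified2(data: bytes) -> List[Event]:
    """Walk a unified2 byte stream and count packet records per IDS event."""
    events: Dict[Tuple[int, int], Event] = {}
    off = 0
    while off + RECORD_HDR.size <= len(data):
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        start = off + RECORD_HDR.size
        body = data[start:start + rlen]
        if len(body) != rlen:
            raise ValueError("truncated unified2 record at offset %d" % off)
        if rtype == UNIFIED2_IDS_EVENT:
            f = IDS_EVENT.unpack_from(body)
            # Events are keyed by (sensor_id, event_id), which is what the
            # packet records reference.
            events[(f[0], f[1])] = Event(sensor_id=f[0], event_id=f[1],
                                         gid=f[5], sid=f[4])
        elif rtype == UNIFIED2_PACKET:
            sensor_id, event_id = PACKET_HDR.unpack_from(body)[:2]
            ev = events.get((sensor_id, event_id))
            if ev is not None:
                ev.packets += 1
        # Other record types (IPv6 events, extra data) are skipped.
        off = start + rlen
    return list(events.values())


def events_without_packets(events: List[Event]) -> List[Event]:
    """Return the events that never had a packet record logged."""
    return [e for e in events if e.packets == 0]


def check_file(path: str) -> List[Event]:
    """Hypothetical helper: run the same check over a real unified2 file."""
    with open(path, "rb") as fh:
        return events_without_packets(parse_unified2(fh.read()))


# --- constructed sample spool: two alerts on one session, one packet record ---

def build_event(sensor_id, event_id, gid, sid, ts, src, dst, sport, dport, proto):
    body = IDS_EVENT.pack(sensor_id, event_id, ts, 0, sid, gid, 1, 1, 1,
                          src, dst, sport, dport, proto, 0, 0, 0)
    return RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(body)) + body


def build_packet(sensor_id, event_id, ts, pkt, linktype=1):
    body = PACKET_HDR.pack(sensor_id, event_id, ts, ts, 0, linktype, len(pkt)) + pkt
    return RECORD_HDR.pack(UNIFIED2_PACKET, len(body)) + body


SRC = int.from_bytes(bytes([10, 0, 0, 5]), "big")
DST = int.from_bytes(bytes([192, 0, 2, 10]), "big")
FAKE_PKT = bytes(14) + b"\x45" + bytes(59)  # constructed filler, not a real frame
TS = 1324951200

SAMPLE_UNIFIED2 = (
    build_event(0, 1, 1, 1000001, TS, SRC, DST, 51234, 80, 6)
    + build_packet(0, 1, TS, FAKE_PKT)
    + build_event(0, 2, 1, 1000002, TS, SRC, DST, 51234, 80, 6)
)

if __name__ == "__main__":
    for e in events_without_packets(parse_unified2(SAMPLE_UNIFIED2)):
        print("event %d (gid %d, sid %d) has no packet record" % (e.event_id, e.gid, e.sid))
```

On the constructed sample this reports event 2 (sid 1000002) as having no packet record, which is exactly the symptom in the thread: the second alert on the session shows up in syslog but has nothing behind it in the packet log. Run it over a real spool with `check_file("/var/log/snort/snort.log.<timestamp>")` (path assumed) and compare the count of reported events with the alerts missing from the tcpdump output.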
Current thread:
- Snort /var/log/snort/tcpdump<> amN0P (Dec 26)
- Re: Snort /var/log/snort/tcpdump<> Eoin Miller (Dec 26)
- Re: Snort /var/log/snort/tcpdump<> Amit B (Dec 27)
- Re: Snort /var/log/snort/tcpdump<> Eoin Miller (Dec 26)