Snort mailing list archives
Re: [Snort-Users] about capturing packets
From: Kevin Ross <kevross33 () googlemail com>
Date: Mon, 13 Feb 2012 08:31:25 +0000
By normal I assume you mean everything else (full packet capture?) and by affected I guess you mean logging the actual packet that triggered the alert?

For logging the actual packet, have snort log to unified2, as it is faster, and then set up a database and have barnyard2 alert to the database.

For normal packets I suggest, if you have the disk space, using daemonlogger/openfpc to provide full packet capture and alerting (http://www.openfpc.org/); it can even be used with snorby to get the packets you want (http://snorby.org/). Various installation guides and what you need can be found on the respective websites and in the snort documentation.

Kind Regards,
Kevin Ross

On 13 February 2012 07:14, umakanta majhi <umakantmajhi () gmail com> wrote:

> Hi all, can anyone tell how we can log both normal packets and affected packets in IDS mode?
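The unified2-to-database setup described in the reply above, as an added example that is not part of the original thread. File paths, the sensor name, the interface and the database credentials are placeholder assumptions.

```conf
# ---- snort.conf (sensor) ----
# Write alerts plus the triggering packets in binary unified2 format.
# "limit" is the rollover size in MB; the file name is an assumption.
output unified2: filename snort.u2, limit 128

# ---- barnyard2.conf (spooler) ----
# Map files so barnyard2 can resolve signature names and classifications.
config reference_file:      /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file:            /etc/snort/gen-msg.map
config sid_file:            /etc/snort/sid-msg.map

# Sensor identity recorded with each event (placeholder values).
config hostname:  sensor1
config interface: eth0

# Bookmark file so a restart resumes where it left off instead of
# re-inserting events that are already in the database.
config waldo_file: /var/log/snort/barnyard2.waldo

input unified2

# "log" stores the packet payload with the event; replace the
# placeholder credentials and keep this file readable by the
# barnyard2 user only.
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost

# Run barnyard2 against the spool directory snort writes to:
#   barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort \
#             -f snort.u2 -w /var/log/snort/barnyard2.waldo
```

This covers only the packets that triggered alerts; full capture of all other traffic is a separate process (daemonlogger or openfpc, as the reply says) writing pcap to its own disk space.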