Snort mailing list archives

Re: [Snort-Users] about capturing packets


From: Kevin Ross <kevross33 () googlemail com>
Date: Mon, 13 Feb 2012 08:31:25 +0000

By "normal" I assume you mean everything else (full packet capture?), and by
"affected" I guess you mean logging the actual packet that triggered the
alert?

For logging the actual packet, have Snort log to unified2, as it is
faster, and then set up a database and have barnyard2 alert to the
database. For normal packets, if you have the disk space, I suggest using
daemonlogger/OpenFPC to provide full packet capture and alerting
(http://www.openfpc.org/); it can even be used with Snorby to get the packets
you want (http://snorby.org/). Various installation guides and what you need
can be found on the respective websites and in the Snort documentation.

Kind Regards,
Kevin Ross
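The setup described in the reply above, written out as an added example (not from the original post or from the Snort/barnyard2/daemonlogger projects). It generates the two configuration fragments that matter (the unified2 output line for snort.conf and a barnyard2.conf that spools unified2 into a database), shows the start commands for Snort, barnyard2 and daemonlogger, and includes a helper that pulls one flow out of the daemonlogger pcaps with tcpdump so the "normal" traffic around an alert can be retrieved. The interface name, directory paths, database credentials, file-size limits and the daemonlogger ring-buffer flags are assumptions; check them against `daemonlogger -h` and your own installation.

```shell
#!/bin/sh
# Added example: Snort -> unified2 -> barnyard2 -> database for alerts,
# daemonlogger for full packet capture of everything else.
# All paths, the interface, credentials and sizes below are assumptions.

IFACE="${IFACE:-eth0}"                       # assumed sensor interface
SNORT_LOGDIR="${SNORT_LOGDIR:-/var/log/snort}"   # unified2 spool directory
PCAP_DIR="${PCAP_DIR:-/var/log/pcap}"         # daemonlogger output directory

# Snort side: a single output line in snort.conf. unified2 is a binary
# spool, so Snort itself never formats text or waits on a database.
#   $1 = base file name, $2 = rollover size in MB
snort_output_line() {
    printf 'output unified2: filename %s, limit %s\n' "$1" "$2"
}

# barnyard2 side: read the unified2 spool and write alerts to a database.
#   $1 = db type (mysql/postgresql)  $2 = user  $3 = password
#   $4 = database name  $5 = db host  $6 = sensor hostname
barnyard2_conf() {
    cat <<EOF
config reference_file: /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file: /etc/snort/gen-msg.map
config sid_file: /etc/snort/sid-msg.map
config hostname: $6
config interface: $IFACE
input unified2
output database: log, $1, user=$2 password=$3 dbname=$4 host=$5
EOF
}

# Start all three daemons. Only called explicitly; it needs the binaries.
start_stack() {
    # Snort in NIDS mode, daemonized, writing unified2 into $SNORT_LOGDIR.
    snort -c /etc/snort/snort.conf -i "$IFACE" -l "$SNORT_LOGDIR" -D
    # barnyard2 in continuous mode; the waldo file remembers the read
    # position so nothing is re-inserted after a restart.
    barnyard2 -c /etc/snort/barnyard2.conf -d "$SNORT_LOGDIR" -f snort.u2 \
              -w "$SNORT_LOGDIR/barnyard2.waldo" -D
    # daemonlogger full packet capture: 1 GB files, ring-buffer mode,
    # keep the volume at most 80% full (flags assumed; verify with -h).
    daemonlogger -i "$IFACE" -l "$PCAP_DIR" -s 1073741824 -r -M 80 -d
}

# Pull the "normal" packets of one flow out of every capture file, e.g.
# the 5-tuple reported by an alert, into a single pcap for analysis.
#   $1 = src host  $2 = dst host  $3 = dst port  $4 = output pcap
extract_flow() {
    for f in "$PCAP_DIR"/*; do
        [ -f "$f" ] || continue
        tcpdump -nn -r "$f" -w "$4.part" \
            "host $1 and host $2 and port $3" 2>/dev/null && \
            cat "$4.part" >> "$4"
    done
    rm -f "$4.part"
}

# When run directly, just preview the generated fragments.
echo "# snort.conf output section:"
snort_output_line snort.u2 128
echo "# barnyard2.conf:"
barnyard2_conf mysql snort secret snort localhost sensor01
```

Append the `snort_output_line` output to snort.conf and write the `barnyard2_conf` output to /etc/snort/barnyard2.conf, then run `start_stack` on the sensor. Note that `extract_flow` concatenates raw pcap files, which is only a quick way to get the bytes; use `mergecap` if you need one well-formed pcap with a single header.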


On 13 February 2012 07:14, umakanta majhi <umakantmajhi () gmail com> wrote:

Hi all,

Can anyone tell me how we can log both normal packets and affected packets
in IDS mode?


