Re: Easy way to output alert and Hex+ASCII pcap data?

[Mike Cox <mike.cox52 () gmail com>]

Yeah, just like cmg (I saw that in the manual but didn't know what
"cmg style" was) but to a text file.  I guess I could always parse
stdout but I was hoping for a cleaner way.

Thanks a lot Joel.

-Mike Cox

On Mon, Mar 18, 2013 at 10:23 AM, Joel Esler <jesler () sourcefire com> wrote:
> On Mar 18, 2013, at 11:15 AM, Mike Cox <mike.cox52 () gmail com> wrote:
>
> I'm looking for an easy way to output (to a text file) the alert data
> (what you see in alert_full output) as well as a full hex+ASCII dump
> of the packet(s) that caused the alert.  Is there an easy way to do
> this?  I'd rather not have to log alerts to one file and pcap to
> another and then attempt to merge them.  Also, I'd rather not log to a
> DB or use unified2 and then have to parse unified2; I'd like this to
> be something I can just configure a sensor to do out of the box and
> not have to install a bunch of other packages.  I'm not expecting it
> to be efficient or use it in production, just something to make
> testing easier. I thought there would be an easy way to do this ... am
> I missing something here?
>
>
>
> Something like "-A cmg"?
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!