Snort mailing list archives

Showing triggered pcap file name in output alert


From: Hassan Faizan <hassanfaizan () ebryx com>
Date: Wed, 9 Dec 2015 12:26:25 +0500

Hi,

Actually, I am processing multiple pcaps by recursing a directory to look for
the pcaps, using the following command:

    snort -c snort.conf -l ../alert --pcap-dir <dir_path> -q -A console --pcap-show

This command shows the pcap that is going to be processed. What I want is
output such that, if a pcap got triggered, I get its name in a
separate alert file. I mean that the format should be similar to the following:

    Triggered stream <-------> pcap file name.

Till now I just get the output in the console, showing both the triggered and
non-triggered pcaps. But the output file I am generating is just showing
the triggered stream, not showing which pcap causes this. I want the file
name to be shown in the output file along with the triggered stream.

So is there any command line for this?

Highly Appreciated

Thanks




-- 
*Syed Hassan Faizan*
*Malware Researcher*
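
One way to get the pairing asked for above, as an added example that is not part of the original post and not Snort project code: run Snort once per capture with -r instead of --pcap-dir, and append the capture's path to every alert line. The function name scan_pcaps, the *.pcap name filter and the environment variables are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): pair each Snort alert line
# with the pcap that produced it by running Snort once per capture file.
# Assumed names: scan_pcaps, SNORT_CONF, LOG_DIR, and the *.pcap filter.

SNORT_CONF="${SNORT_CONF:-snort.conf}"
LOG_DIR="${LOG_DIR:-../alert}"

# scan_pcaps DIR OUTFILE
# Writes "<alert line> <-------> <pcap path>" to OUTFILE for every alert.
# Returns 0 if at least one capture triggered, 1 if none did, 2 on setup error.
scan_pcaps() {
    dir=$1
    out=$2
    hit=1
    : > "$out" || return 2
    list=$(mktemp) || return 2
    # Walk the directory tree; paths containing newlines are not supported.
    find "$dir" -type f -name '*.pcap' | sort > "$list"
    while IFS= read -r pcap; do
        # Same options as the command in the post, but -r reads one capture.
        # With -q and -A console, stdout is expected to carry only alert lines.
        alerts=$(snort -c "$SNORT_CONF" -l "$LOG_DIR" -q -A console \
                       -r "$pcap" </dev/null 2>/dev/null)
        # A capture that triggered nothing produces no output: skip it.
        [ -n "$alerts" ] || continue
        hit=0
        printf '%s\n' "$alerts" | while IFS= read -r line; do
            printf '%s <-------> %s\n' "$line" "$pcap"
        done >> "$out"
    done < "$list"
    rm -f "$list"
    return "$hit"
}

# Command-line use: ./scan_pcaps.sh <dir_path> triggered.txt
if [ "$#" -ge 2 ]; then
    scan_pcaps "$1" "$2"
fi
```

Starting Snort once per file reloads the rules each time, so this is slower than a single --pcap-dir run on large capture sets.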