Re: Packet Capture

["Al Lewis \(allewi\) via Snort-users" <snort-users () lists snort org>]

Check out the session feature:

http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node34.html#SECTION00472000000000000000


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com<mailto:allewi () cisco com>

From: Snort-users <snort-users-bounces () lists snort org<mailto:snort-users-bounces () lists snort org>> on behalf of 
Justin Pederson via Snort-users <snort-users () lists snort org<mailto:snort-users () lists snort org>>
Reply-To: Justin Pederson <jpedersm () gmail com<mailto:jpedersm () gmail com>>
Date: Thursday, June 29, 2017 at 3:08 PM
To: "snort-users () lists snort org<mailto:snort-users () lists snort org>" <snort-users () lists snort 
org<mailto:snort-users () lists snort org>>
Subject: [Snort-users] Packet Capture

Is there a way with snort to start a full pcap on an interface for the entire interface or specific IP based on an 
alert from the IDS?

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!