Snort mailing list archives
Re: full tcpdump logging with alerting
From: Chris Green <cmg () uab edu>
Date: 13 Aug 2001 08:04:27 -0500
Ryan.Oliver () pha com au writes:
> Greetings all, I was wondering if it was possible to run snort logging ALL traffic to a tcpdump file (not just alerts), while logging alerts etc. to a database/syslog in real time.
I think:

    include "blah.rules"
    ...

with the last rule of

    # traffic logging rule
    log ip any any -> any any (msg: "traffic";)

There might be a better way to do this. Note that this will require a fairly recent snort, though there's the smell of a very stable snort coming out sometime soon :> You could do about the same in older versions with log udp / log tcp / log icmp.

Note that your files may grow very large very quickly and you could run into OS issues, but I'm sure you've thought about this.

--
Chris Green <cmg () uab edu>
Laugh and the world laughs with you, snore and you sleep alone.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
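A snort.conf fragment of the kind the reply sketches, written here as an added example rather than configuration taken from the thread or from the Snort project. The output plugin names (alert_syslog, database, log_tcpdump) are the Snort 1.8-era plugins; the log file name, the rules file name and the database credentials are assumed values.

```conf
# Alerts leave the sensor in real time: syslog plus a database.
# (Snort 1.8 output plugins; the facility/level and DB credentials are assumed.)
output alert_syslog: LOG_AUTH LOG_ALERT
output database: alert, mysql, user=snort password=example dbname=snort host=localhost

# Everything the rules engine logs is written in tcpdump (pcap) format.
# The file is created under the -l log directory (default /var/log/snort).
output log_tcpdump: all-traffic.log

# Signature rules first. These are "alert" rules and are matched before
# any "log" rule, since Snort's default rule order is Alert, Pass, Log,
# so the catch-all below does not stop alerts from firing.
include blah.rules

# Catch-all last: log every IP packet to the tcpdump file.
# "ip" as the rule protocol needs Snort 1.8 or later; older releases need
# separate "log tcp", "log udp" and "log icmp" rules instead.
log ip any any -> any any (msg:"traffic";)
```

Run with something like `snort -c snort.conf -l /var/log/snort` and check that both the syslog/database alerts and all-traffic.log are populated. The check a practitioner wants before leaving this running: the catch-all rule writes every packet the sensor sees, so size the log partition and rotate the file, or the disk fills and Snort stops logging, exactly the OS issue the reply warns about.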
Current thread:
- full tcpdump logging with alerting Ryan . Oliver (Aug 13)
- Re: full tcpdump logging with alerting Chris Green (Aug 13)
- Re: full tcpdump logging with alerting Martin Roesch (Aug 13)
- Re: full tcpdump logging with alerting Martin Roesch (Aug 13)
- <Possible follow-ups>
- Re: full tcpdump logging with alerting Ryan . Oliver (Aug 14)
- Re: full tcpdump logging with alerting Chris Green (Aug 13)
