Snort mailing list archives
Re: Database plugin question
From: Phil Wood <cpw () lanl gov>
Date: Wed, 14 Aug 2002 15:31:29 -0600
On Wed, Aug 14, 2002 at 10:13:47AM -0500, Radu Brumariu wrote:
Thanks, Jeffrey for the input. However, I would like snort to log _all_ the packets that it sees, including arp, igrp, gre, etc.
I would use tcpdump for that:

    tcpdump -i eth0 -w pcapfile -s 1514

You can even feed that file into snort for analysis. Instead of -i, use -r pcapfile.

snort does not handle non ip packets. You could use snort to grab the ip packets with the rule supplied by Jeffrey, and you could use tcpdump at the same time to get all the non-ip packets with the following:

    tcpdump -i eth0 -w pcapfile -s 1514 not ip
Radu

On Wed, 2002-08-14 at 14:42, Dell, Jeffrey wrote:
Use the rule:

    log ip any any <> any any

This will log all ip packets.

-----Original Message-----
From: Radu Brumariu [mailto:brumariur () missouri edu]
Sent: Wednesday, August 14, 2002 10:27 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Database plugin question

Hi all,
I would like to know if it is possible to trick snort into logging every packet that it sees to the database rather than log|alert?
thanks,
Radu

-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Phil Wood, cpw () lanl gov
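
Added example (not part of the original thread, and not Snort or tcpdump code): a Python sketch of the split described in the reply above, reading a classic pcap file and sorting untagged Ethernet frames the way the tcpdump filters `ip` and `not ip` would. The capture is constructed inline and all function names are assumptions. `ip` matches only EtherType 0x0800, so IPv6 and ARP fall on the `not ip` side, while GRE and IGRP are IP protocols 47 and 9 and stay on the `ip` side.

```python
import struct

ETH_IPV4 = 0x0800  # the only EtherType the BPF primitive `ip` matches
NAMES = {0x0806: "arp", 0x86DD: "ipv6"}
IP_PROTOS = {6: "tcp", 9: "igrp", 17: "udp", 47: "gre"}

def frame(ethertype, payload=b""):
    """Constructed Ethernet frame: zeroed MACs, given EtherType and payload."""
    return bytes(12) + struct.pack("!H", ethertype) + payload

def ipv4(proto):
    """Constructed minimal 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))

def write_pcap(frames, snaplen=1514):
    """Serialize frames as little-endian classic pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, f in enumerate(frames):
        cap = f[:snaplen]  # same truncation tcpdump -s applies
        out += struct.pack("<IIII", i, 0, len(cap), len(f)) + cap
    return out

def read_pcap(data):
    """Yield each captured frame from a little-endian classic pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24  # skip the global header
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack_from("<IIII", data, off)
        yield data[off + 16: off + 16 + caplen]
        off += 16 + caplen

def split(data):
    """Return (ip, not_ip) labels, mirroring the filters `ip` and `not ip`."""
    ip, not_ip = [], []
    for f in read_pcap(data):
        if len(f) < 14:  # too short to carry an Ethernet header
            not_ip.append("short")
            continue
        etype, = struct.unpack_from("!H", f, 12)
        if etype == ETH_IPV4:
            proto = f[23] if len(f) > 23 else None  # IPv4 protocol field
            ip.append(IP_PROTOS.get(proto, "ip-proto-%s" % proto))
        else:
            not_ip.append(NAMES.get(etype, hex(etype)))
    return ip, not_ip

# Constructed capture: ARP, TCP, GRE, IPv6, IGRP
SAMPLE = write_pcap([frame(0x0806, bytes(28)), frame(ETH_IPV4, ipv4(6)),
                     frame(ETH_IPV4, ipv4(47)), frame(0x86DD, bytes(40)),
                     frame(ETH_IPV4, ipv4(9))])
```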
