[Snort-devel] TCPDUMP - logging traffic from an attacker

Robert Wagner rwagner at ...1225...
Wed Mar 27 09:53:09 EST 2002


It appears that this needs to be done on a per rule basis.  Thanks for the
information!

-----Original Message-----
From: Chris Green [mailto:cmg at ...402...]
Sent: Wednesday, March 27, 2002 10:52 AM
To: Robert Wagner
Cc: 'snort-devel at lists.sourceforge.net'
Subject: Re: [Snort-devel] TCPDUMP - logging traffic from an attacker


Robert Wagner <rwagner at ...1225...> writes:

> 1)  An "output TCP_DUMP Count# Time#"  That would append the log generated
> by snort for the attacker with the next Count# packets or packets to or
> from the attacker in Time# seconds

> Please let me know your thoughts
> Thanks in advance for any assistance

You'll be happy to know that already exists.

Check out tag in section 2.3.31 of the manual.
-- 
Chris Green <cmg at ...402...>
This is my signature. There are many like it but this one is mine.
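
An added illustration, not part of the thread: how the Count#/Time# request above maps onto the tag rule option Chris points to, set per rule as Robert notes. The rules, content strings, sid values and log file name are constructed placeholders, and the syntax assumes the tag option's form in the Snort manual, tag:<type>,<count>,<metric>[,<direction>].

```snort
# Constructed example. Tagged packets are written through the configured
# log output, here a tcpdump-format file (file name is a placeholder).
output log_tcpdump: tagged.pcap

# "Count#": once this rule alerts, also log the next 50 packets
# sent by the host that triggered it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE trigger, tag next 50 packets from source"; content:"EXAMPLE-TRIGGER-1"; tag:host,50,packets,src; sid:1000001; rev:1;)

# "Time#": once this rule alerts, also log everything that host
# sends during the following 300 seconds.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE trigger, tag source for 300 seconds"; content:"EXAMPLE-TRIGGER-2"; tag:host,300,seconds,src; sid:1000002; rev:1;)

# Narrower scope: follow only the connection that triggered the alert,
# not all traffic from the host.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE trigger, tag session for 60 seconds"; content:"EXAMPLE-TRIGGER-3"; tag:session,60,seconds; sid:1000003; rev:1;)
```

Tagging by host captures traffic outside the triggering connection, so the count or time window should be sized with log volume in mind.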



