[Snort-devel] TCPDUMP - logging traffic from an attacker

Chris Green cmg at ...402...
Wed Mar 27 10:00:02 EST 2002


Robert Wagner <rwagner at ...1225...> writes:

> It appears that this needs to be done on a per rule basis.  Thanks for the
> information!

Yes it does.  For an unsupported patch that makes it easier, search
the mail list archives for something called "tagaction". .

http://marc.theaimsgroup.com/?l=snort&s=tagaction

Use the patch from the newest email, the documentation from the others
:-)
-- 
Chris Green <cmg at ...402...>
This is my signature. There are many like it but this one is mine.





More information about the Snort-devel mailing list