[Snort-devel] Snort Output Plugin
Alex Butcher, ISC/ISYS
Alex.Butcher at ...2437...
Fri Oct 22 01:19:28 EDT 2004
--On 21 October 2004 08:52 +0200 Leendert Meyer <leendert at ...2660...>
> On Thu, 2004-10-21 at 08:11, Daniel Walther wrote:
>> Or does there exist any Snort Output Plugin that allows me to save all the
>> alerts and the tcpdump output in a pipe?
> I am interested in this one myself ...
FLoP is probably the right solution for you. It uses unified-like output,
but over UNIX sockets. Packet captures are supported, and in 1.4.0, it's
possible to associate tagged packets with the parent alert and generate a
pcap file containing them all.
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing
GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9