[Snort-devel] Snort Output Plugin

Alex Butcher, ISC/ISYS Alex.Butcher at ...2437...
Fri Oct 22 01:19:28 EDT 2004


--On 21 October 2004 08:52 +0200 Leendert Meyer <leendert at ...2660...> 
wrote:

> On Thu, 2004-10-21 at 08:11, Daniel Walther wrote:
>
>> Or does there exist any Snort Output Plugin that allows me to save all the
>> alerts and the tcpdump output in a pipe?
>
> I am interested in this one myself ...

FLoP is probably the right solution for you. It uses unified-like output, 
but over UNIX sockets. Packet captures are supported, and in 1.4.0, it's 
possible to associate tagged packets with the parent alert and generate a 
pcap file containing them all.

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
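
To illustrate the kind of output the 1.4.0 feature described above produces (an alert's parent packet and its tagged packets written together as one pcap), here is an added example. It is not FLoP's own code or record format: the Alert layout and the sample frames are constructed for the illustration, and the pcap framing is the standard libpcap file format.

```python
import struct
from dataclasses import dataclass, field
from typing import List, Tuple

PCAP_MAGIC = 0xA1B2C3D4        # standard libpcap magic (little-endian file)
LINKTYPE_ETHERNET = 1

# (ts_sec, ts_usec, raw frame) as a plain tuple
Packet = Tuple[int, int, bytes]


@dataclass
class Alert:
    """Hypothetical alert record: a parent packet plus the packets tagged after it."""
    sid: int
    parent: Packet
    tagged: List[Packet] = field(default_factory=list)


def pcap_global_header(snaplen: int = 65535, linktype: int = LINKTYPE_ETHERNET) -> bytes:
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type: 24 bytes
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(ts_sec: int, ts_usec: int, frame: bytes) -> bytes:
    # per-packet header: ts_sec, ts_usec, incl_len, orig_len (no truncation here)
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame


def alert_to_pcap(alert: Alert) -> bytes:
    """Parent packet first, then its tagged packets in capture-time order."""
    packets = [alert.parent] + sorted(alert.tagged, key=lambda p: (p[0], p[1]))
    return pcap_global_header() + b"".join(pcap_record(*p) for p in packets)


def count_pcap_packets(data: bytes) -> int:
    """Walk the file back to check framing; a truncated record raises ValueError."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    off, count = 24, 0
    while off < len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16 + incl_len
        if off > len(data):
            raise ValueError("truncated packet record")
        count += 1
    return count


if __name__ == "__main__":
    # constructed sample: one alert with two tagged follow-on packets
    parent = (1098400000, 100, b"\x00" * 14 + b"parent")
    tagged = [(1098400001, 5, b"\x00" * 14 + b"tag1"), (1098400000, 500, b"\x00" * 14 + b"tag0")]
    data = alert_to_pcap(Alert(sid=1000001, parent=parent, tagged=tagged))
    print(count_pcap_packets(data), "packets written for sid", 1000001)
```

The resulting bytes can be written to a file and opened with any pcap-aware tool; the parent packet is always the first record, so the alert's context follows it directly.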
