[Snort-devel] Unified2 format
jnebrera at ...2499...
Wed Feb 22 11:34:01 EST 2012
I have been discussing this in the snort user list, but the
conclusion we have reached is that this seems not currently available.
I would like to know if it is possible to include as part of the
"alert" produced by snort the physical interface it came from. This
information seems available to snort in the DAQ_PktHdr_t variable, but
it seems it is not currently exploited by the logging system.
May I ask if this assumption is correct? Is it something that is
available if activated in some "hidden" config directive? :D