[Snort-devel] Unified2 format

Jaime Nebrera jnebrera at ...2499...
Wed Feb 22 11:34:01 EST 2012


   Hi all,

   I have been discussing this in the snort user list, but the 
conclusion we have reached is that this seems not currently available.

   I would like to know if it is possible to include as part of the 
"alert" produced by snort the physical interface it came from. This 
information seems available to snort in the DAQ_PktHdr_t variable, but 
seems not to be currently exploited by the logging system.

   May I ask if this assumption is correct? Is it something that is 
available if activated in some "hidden" config directive? :D

   Kind regards



