[Snort-sigs] Snort PCAP on selected rules
qoheleth26 at ...2420...
Thu Oct 4 00:38:58 EDT 2012
Hello all once again!
I have another question I was unable to find out: Snort has the ability to
capture the traffic in pcap files. I am hoping there is a way to only
start capturing the traffic of a conversation that matched a rule alert?
So in other words, I do not wish to save every packet on my network in my
pcap files; I only wish to save packets that match a detected attack. So
is there a way that once an alert fires, then I can have Snort begin to log
all traffic relating to that conversation in a pcap file?
Thanks again so much!