[Snort-sigs] Snort PCAP on selected rules
jesler at ...435...
Thu Oct 4 09:39:37 EDT 2012
On Oct 4, 2012, at 12:38 AM, Mr. Qoheleth <qoheleth26 at ...2420...> wrote:
> Hello all once again!
> I have another question I was unable to find out: Snort has the ability to capture the traffic in pcap files. I am hoping there is a way to only start capturing the traffic of a conversation that matched a rule alert? So in other words, I do not wish to save every packet on my network in my pcap files; I only wish to save packets that match a detected attack. So is there a way that once an alert fires, then I can have snort begin to log all traffic relating to that conversation in a pcap file?
> Thanks again so much!