[Snort-sigs] Easy way to output alert and Hex+ASCII pcap data?

Joel Esler jesler at ...435...
Mon Mar 18 11:23:01 EDT 2013


On Mar 18, 2013, at 11:15 AM, Mike Cox <mike.cox52 at ...2420...> wrote:

> I'm looking for an easy way to output (to a text file) the alert data
> (what you see in alert_full output) as well as a full hex+ASCII dump
> of the packet(s) that caused the alert.  Is there an easy way to do
> this?  I'd rather not have to log alerts to one file and pcap to
> another and then attempt to merge them.  Also, I'd rather not log to a
> DB or use unified2 and then have to parse unified2; I'd like this to
> be something I can just configure a sensor to do out of the box and
> not have to install a bunch of other packages.  I'm not expecting it
> to be efficient or use it in production, just something to make
> testing easier. I thought there would be an easy way to do this ... am
> I missing something here?


Something like "-A cmg"?

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
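For readers who want the two pieces the original question asks for (the alert header and a hex+ASCII dump of the packet) in one text record, the following is an added example and not code from the thread or from Snort. It builds a Snort-style dump (offset, 16 hex bytes, ASCII column, non-printables as `.`) and prefixes it with a constructed alert header; the sample payload and the alert fields are made up for the example.

```python
"""
Alert header plus hex+ASCII payload dump in one text record.

Added example, not from the thread or from Snort.  The dump layout
(offset, 16 hex bytes per row, ASCII column) mirrors what Snort's -X
payload dump looks like; the alert header layout is only approximate
and the values below are constructed for illustration.
"""
from __future__ import annotations


def hex_ascii_dump(data: bytes, width: int = 16) -> list[str]:
    """Return one line per `width` bytes: offset, hex column, ASCII column."""
    lines: list[str] = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02X}" for b in chunk)
        # Pad the hex column so the ASCII column lines up on a short last row.
        hexpart = hexpart.ljust(width * 3 - 1)
        ascii_part = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"0x{off:04X}: {hexpart}  {ascii_part}")
    return lines


def format_alert_record(gid: int, sid: int, rev: int, msg: str,
                        timestamp: str, src: str, dst: str, proto: str,
                        payload: bytes) -> str:
    """Combine an alert header and the payload dump into a single text block."""
    header = [
        f"[**] [{gid}:{sid}:{rev}] {msg} [**]",
        f"{timestamp} {src} -> {dst}",
        f"{proto} payload length: {len(payload)}",
    ]
    return "\n".join(header + hex_ascii_dump(payload)) + "\n"


# Constructed sample: a small HTTP request as the "offending" payload.
SAMPLE_PAYLOAD = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"


def sample_record() -> str:
    """Render the constructed sample with made-up alert fields."""
    return format_alert_record(
        gid=1, sid=1000001, rev=1, msg="TEST example alert",
        timestamp="03/18-11:15:00.000000",
        src="10.0.0.1:40000", dst="10.0.0.2:80", proto="TCP",
        payload=SAMPLE_PAYLOAD,
    )


if __name__ == "__main__":
    print(sample_record(), end="")
```

Appending `sample_record()`'s output to one file per alert gives the "alert plus packet bytes" view the question describes without a second log file or a unified2 parser; it is meant for test-bench use, as the original poster says, not for production throughput.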
