[Snort-sigs] Easy way to output alert and Hex+ASCII pcap data?
jesler at ...435...
Mon Mar 18 11:23:01 EDT 2013
On Mar 18, 2013, at 11:15 AM, Mike Cox <mike.cox52 at ...2420...> wrote:
> I'm looking for an easy way to output (to a text file) the alert data
> (what you see in alert_full output) as well as a full hex+ASCII dump
> of the packet(s) that caused the alert. Is there an easy way to do
> this? I'd rather not have to log alerts to one file and pcap to
> another and then attempt to merge them. Also, I'd rather not log to a
> DB or use unified2 and then have to parse unified2; I'd like this to
> be something I can just configure a sensor to do out of the box and
> not have to install a bunch of other packages. I'm not expecting it
> to be efficient or use it in production, just something to make
> testing easier. I thought there would be an easy way to do this ... am
> I missing something here?
Something like "-A cmg"?
Senior Research Engineer, VRT
OpenSource Community Manager