[Snort-sigs] Easy way to output alert and Hex+ASCII pcap data?

waldo kitty wkitty42 at ...3507...
Mon Mar 18 11:23:59 EDT 2013


On 3/18/2013 10:15, Mike Cox wrote:
> I'm looking for an easy way to output (to a text file) the alert data
> (what you see in alert_full output) as well as a full hex+ASCII dump
> of the packet(s) that caused the alert.  Is there an easy way to do
> this?  I'd rather not have to log alerts to one file and pcap to
> another and then attempt to merge them.  Also, I'd rather not log to a
> DB or use unified2 and then have to parse unified2; I'd like this to
> be something I can just configure a sensor to do out of the box and
> not have to install a bunch of other packages.  I'm not expecting it
> to be efficient or use it in production, just something to make
> testing easier. I thought there would be an easy way to do this ... am
> I missing something here?

short of writing your own output plugin that does the same as unified2 but with 
hex output of the pcap part, i'm not aware of anything...






More information about the Snort-sigs mailing list