[Snort-sigs] Easy way to output alert and Hex+ASCII pcap data?
mike.cox52 at ...2420...
Mon Mar 18 11:40:11 EDT 2013
Yeah, just like cmg (I saw that in the manual but didn't know what
"cmg style" was) but to a text file. I guess I could always parse
stdout but I was hoping for a cleaner way.
Thanks a lot Joel.
On Mon, Mar 18, 2013 at 10:23 AM, Joel Esler <jesler at ...435...> wrote:
> On Mar 18, 2013, at 11:15 AM, Mike Cox <mike.cox52 at ...2420...> wrote:
> I'm looking for an easy way to output (to a text file) the alert data
> (what you see in alert_full output) as well as a full hex+ASCII dump
> of the packet(s) that caused the alert. Is there an easy way to do
> this? I'd rather not have to log alerts to one file and pcap to
> another and then attempt to merge them. Also, I'd rather not log to a
> DB or use unified2 and then have to parse unified2; I'd like this to
> be something I can just configure a sensor to do out of the box and
> not have to install a bunch of other packages. I'm not expecting it
> to be efficient or use it in production, just something to make
> testing easier. I thought there would be an easy way to do this ... am
> I missing something here?
> Something like "-A cmg"?
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
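Added example (not from this thread or from the Snort project): the "parse stdout" approach Mike mentions, written in Python. It assumes the cmg-style console output has been captured to a file with something like "snort -c snort.conf -r test.pcap -A cmg > alerts_cmg.txt 2>&1", and that each alert appears as a fast-style header line followed by the -d/-X decode lines and the hex+ASCII dump. The sample text embedded in the script is constructed to resemble that output (IP/TCP checksums are zero placeholders) rather than taken from a real sensor; the two-space separator between the hex and ASCII columns, the =+=+ divider line, and the dump starting at the IP header are assumptions, so adjust the regexes if your build prints differently.

```python
"""Split Snort '-A cmg'-style console output into per-alert records.

Assumed workflow (added example, not Snort's own code):
    snort -c snort.conf -r test.pcap -A cmg > alerts_cmg.txt 2>&1
    records = parse_cmg(open("alerts_cmg.txt").read())
"""
import re
from dataclasses import dataclass, field
from typing import List

# Fast-style alert header (assumed layout), e.g.
# 03/18-11:15:00.123456  [**] [1:1000001:1] MSG [**] [Priority: 0] {TCP} 10.0.0.1:4321 -> 10.0.0.2:80
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)
# -X style hex+ASCII line (assumed layout): offset, single-space hex bytes,
# then at least two spaces before the ASCII column (or end of line).
HEX_RE = re.compile(
    r"^0x(?P<off>[0-9A-Fa-f]{4}):\s+"
    r"(?P<hex>[0-9A-Fa-f]{2}(?: [0-9A-Fa-f]{2})*)(?=\s\s|\s*$)"
)


@dataclass
class AlertRecord:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    proto: str
    src: str
    dst: str
    header_lines: List[str] = field(default_factory=list)  # -d/-X decode lines
    packet: bytes = b""                                    # reassembled from hex dump


def parse_cmg(text: str) -> List[AlertRecord]:
    """Group console output into alerts; each alert owns the lines that follow it."""
    records: List[AlertRecord] = []
    cur = None
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            cur = AlertRecord(m["ts"], int(m["gid"]), int(m["sid"]), int(m["rev"]),
                              m["msg"], m["proto"], m["src"], m["dst"])
            records.append(cur)
            continue
        stripped = line.strip()
        if cur is None or not stripped or set(stripped) <= {"=", "+"}:
            continue  # banner text before the first alert, blank lines, =+=+ dividers
        h = HEX_RE.match(line)
        if h:
            # Offsets must advance by exactly the bytes seen so far; anything else means
            # a truncated dump or lines from two packets run together.
            if int(h["off"], 16) != len(cur.packet):
                raise ValueError(f"unexpected dump offset {h['off']} in alert sid {cur.sid}")
            cur.packet += bytes.fromhex(h["hex"].replace(" ", ""))
        else:
            cur.header_lines.append(line.rstrip())
    return records


def tcp_payload(pkt: bytes, link_hdr_len: int = 0) -> bytes:
    """TCP payload of an IPv4 packet found link_hdr_len bytes into the dump.
    The constructed sample starts at the IP header (0); a real -X dump starts at
    the link layer, so pass 14 for Ethernet."""
    ip = pkt[link_hdr_len:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ip[0] & 0x0F) * 4
    total_len = int.from_bytes(ip[2:4], "big")
    tcp = ip[ihl:total_len]
    data_off = (tcp[12] >> 4) * 4
    return tcp[data_off:]


# Constructed sample resembling cmg output; not a real capture (checksums are 00 00).
SAMPLE = """\
Running in IDS mode
03/18-11:15:00.123456  [**] [1:1000001:1] TEST web request [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.1:40000 -> 10.0.0.2:80
03/18-11:15:00.123456 10.0.0.1:40000 -> 10.0.0.2:80
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:58 DF
***AP*** Seq: 0x1  Ack: 0x1  Win: 0x200  TcpLen: 20
0x0000: 45 00 00 3A 00 01 40 00 40 06 00 00 0A 00 00 01  E..:..@.@.......
0x0010: 0A 00 00 02 9C 40 00 50 00 00 00 01 00 00 00 01  .....@.P........
0x0020: 50 18 02 00 00 00 00 00 47 45 54 20 2F 20 48 54  P.......GET / HT
0x0030: 54 50 2F 31 2E 30 0D 0A 0D 0A                    TP/1.0....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

03/18-11:15:01.000000  [**] [1:1000002:1] TEST icmp ping [**] [Priority: 0] {ICMP} 10.0.0.3 -> 10.0.0.2
0x0000: 45 00 00 1C 00 02 00 00 40 01 00 00 0A 00 00 03  E.......@.......
0x0010: 0A 00 00 02 08 00 F7 FF 00 00 00 00              ............
"""

if __name__ == "__main__":
    for r in parse_cmg(SAMPLE):
        print(f"{r.timestamp} sid={r.sid} {r.proto} {r.src} -> {r.dst} "
              f"'{r.msg}' packet={len(r.packet)} bytes")
```

Each record keeps the alert fields, the decode lines, and the raw packet bytes together, which is the "alert plus hex dump in one place" result Mike is after; the offset check is there because a mismatched offset is the usual sign that two packets' dump lines have been interleaved or a dump was cut short.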