[Snort-sigs] Easy way to output alert and Hex+ASCII pcap data?

Mike Cox mike.cox52 at ...2420...
Mon Mar 18 11:40:11 EDT 2013


Yeah, just like cmg (I saw that in the manual but didn't know what
"cmg style" was) but to a text file.  I guess I could always parse
stdout but I was hoping for a cleaner way.

Thanks a lot Joel.

-Mike Cox

On Mon, Mar 18, 2013 at 10:23 AM, Joel Esler <jesler at ...435...> wrote:
> On Mar 18, 2013, at 11:15 AM, Mike Cox <mike.cox52 at ...2420...> wrote:
>
> I'm looking for an easy way to output (to a text file) the alert data
> (what you see in alert_full output) as well as a full hex+ASCII dump
> of the packet(s) that caused the alert.  Is there an easy way to do
> this?  I'd rather not have to log alerts to one file and pcap to
> another and then attempt to merge them.  Also, I'd rather not log to a
> DB or use unified2 and then have to parse unified2; I'd like this to
> be something I can just configure a sensor to do out of the box and
> not have to install a bunch of other packages.  I'm not expecting it
> to be efficient or use it in production, just something to make
> testing easier. I thought there would be an easy way to do this ... am
> I missing something here?
>
>
>
> Something like "-A cmg"?
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>
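Since Mike's stated fallback is to capture what `-A cmg` prints and write it somewhere, the following added example (not code from this thread, Snort or Sourcefire) shows what the combined record looks like when produced directly: an alert_full-style header followed by a hex+ASCII dump of the triggering payload, appended to a single text file. The dump layout only approximates Snort's cmg output, and the alert fields and packet bytes are constructed for illustration.

```python
"""Added example (not Snort's code): write an alert record plus a hex+ASCII
dump of the triggering packet to one text file, approximating the layout
that Snort's "-A cmg" mode prints to stdout.  Alert fields and payload
bytes below are constructed for illustration."""


def hex_ascii_dump(data: bytes, width: int = 16) -> str:
    """Render `data` as rows of `width` bytes: offset, hex bytes, ASCII
    column (non-printable bytes shown as '.')."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hex_part = " ".join(f"{b:02X}" for b in chunk)
        ascii_part = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        # pad the hex column so the ASCII column lines up on a short last row
        rows.append(f"{off:04X}  {hex_part:<{width * 3 - 1}}  {ascii_part}")
    return "\n".join(rows)


def format_alert_record(alert: dict, payload: bytes) -> str:
    """One self-contained record: an alert_full-like header followed by
    the dump of the packet payload, terminated by a blank line."""
    header = (
        f"[**] [{alert['gid']}:{alert['sid']}:{alert['rev']}] {alert['msg']} [**]\n"
        f"{alert['timestamp']} {alert['src']} -> {alert['dst']} {alert['proto']}\n"
    )
    return header + hex_ascii_dump(payload) + "\n\n"


def write_alert_record(path: str, alert: dict, payload: bytes) -> int:
    """Append the record to `path`; returns the number of characters written."""
    record = format_alert_record(alert, payload)
    with open(path, "a", encoding="ascii") as fh:
        fh.write(record)
    return len(record)


# Constructed sample: a hypothetical rule hit and the payload that caused it.
SAMPLE_ALERT = {
    "gid": 1, "sid": 1000001, "rev": 1, "msg": "TEST HTTP GET",
    "timestamp": "03/18-11:15:00.000000",
    "src": "10.0.0.5:43210", "dst": "10.0.0.9:80", "proto": "TCP",
}
SAMPLE_PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    import os
    import tempfile
    out = os.path.join(tempfile.gettempdir(), "snort_test_alerts.txt")
    n = write_alert_record(out, SAMPLE_ALERT, SAMPLE_PAYLOAD)
    print(f"wrote {n} chars to {out}")
    print(format_alert_record(SAMPLE_ALERT, SAMPLE_PAYLOAD))
```

Keeping the header and the dump in one record, separated from the next by a blank line, is what makes the file greppable during testing: a single search for the SID pulls up the packet bytes that fired it, with no merging of an alert file against a pcap.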