[Snort-users] Tcpdump logging

Gregor Binder gbinder at ...462...
Tue Nov 14 18:12:26 EST 2000


It would be great to have a -w option in snort that does basically the
same thing as in tcpdump. This would be an excellent way to use snort
for real-time alerts and as a shadow sensor on the same box with the
least overhead.

I have been playing with the tcpdump output plug-in, but (AFAIK) there is
no way to log everything that tcpdump would see, and it doesn't
integrate as seamlessly as it could into the shadow scripts.

Anybody here trying to achieve the same thing? Comments? Other ideas?


Gregor Binder  <gbinder at ...462...>  http://www.sysfive.com/~gbinder/
sysfive.com GmbH             UNIX. Networking. Security. Applications.
Gaertnerstrasse 125b, 20253 Hamburg, Germany       TEL +49-40-63647482