[Snort-users] Tcpdump logging
gbinder at ...462...
Tue Nov 14 18:12:26 EST 2000
It would be great to have a -w option in snort that does basically the
same thing as in tcpdump. This would be an excellent way to use snort
for real-time alerts and as a shadow sensor on the same box with the

I have been playing with the tcpdump output plug, but (AFAIK) there is
no way to log everything that tcpdump would see, and it doesn't
integrate as seamlessly as it could into the shadow scripts.

Anybody here trying to achieve the same thing? Comments? Other ideas?

Gregor Binder <gbinder at ...462...> http://www.sysfive.com/~gbinder/
sysfive.com GmbH UNIX. Networking. Security. Applications.
Gaertnerstrasse 125b, 20253 Hamburg, Germany TEL +49-40-63647482