[Snort-users] Tcpdump logging

Martin Roesch roesch at ...421...
Thu Nov 23 01:32:10 EST 2000


You can do this precisely with Snort by just starting it in logging mode.  For
example:

snort -b -l <logdir>

This lets Snort know you just want to log every packet it sees (in binary mode
in this case).

    -Marty

Gregor Binder wrote:
> 
> Hi,
> 
> it would be great to have a -w option in snort that does basically the
> same thing as in tcpdump. This would be an excellent way to use snort
> for real-time alerts and as a shadow sensor on the same box with the
> least overhead.
> 
> I have been playing with the tcpdump output plug, but (AFAIK) there is
> no way to log everything that tcpdump would see, and it doesn't
> integrate as seamlessly as it could into the shadow scripts.
> 
> Anybody here trying to achieve the same thing? Comments? Other ideas?
> 
> Greetings,
>   Gregor.
> 
> --
> Gregor Binder  <gbinder at ...462...>  http://www.sysfive.com/~gbinder/
> sysfive.com GmbH             UNIX. Networking. Security. Applications.
> Gaertnerstrasse 125b, 20253 Hamburg, Germany       TEL +49-40-63647482
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org



More information about the Snort-users mailing list