[Snort-users] simple quick question

Jed Haile jed at ...2168...
Thu Jun 14 10:09:47 EDT 2001


Short answer:
You can't. At least not in the alert file.

Long answer:
Try using a -b on the command line or put:

    output log_tcpdump: tcpdump.log

into your configuration file.

This will cause snort to log the packets in tcpdump format into your log dir. 
You can then use snort -dv -r <tcpdump log file> to look at the packets. Or 
you can use ethereal or any of the many other tools that work with tcpdump 
files.

Have fun,
Jed

On Thursday 14 June 2001 02:09 am, you wrote:
> I've configured snort so that it will log to MySQL and the
> /var/log/snort/alert file.
> When there is an alert found that I want to know more about, I have a
> look at the payload and IP numbers, etc. via the Acid GUI.
> When I have a look at the alert file I can't find any payload
> information. I played with some configuration settings but I can't get
> snort to log the payload in the alert file.
> Does anybody have an idea?
>
> Thanks,
>
>   Roeland
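As an added example (not part of the original message or of Snort itself): a small Python reader for the classic tcpdump/libpcap file format that the reply says snort writes with -b or log_tcpdump, pulling out the TCP payload that the alert file lacks. The function names and the sample packet are constructed for illustration, and only Ethernet/IPv4/TCP is handled.

```python
import struct

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/TCP packet in classic pcap format."""
    payload = b"GET /index.html HTTP/1.0\r\n\r\n"
    # TCP: sport, dport, seq, ack, data offset (5 words), PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    # IPv4: checksum left at 0, the reader below does not validate it
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, linktype 1 (Ethernet)
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    # Record header: ts_sec, ts_usec, captured length, original length
    rhdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return ghdr + rhdr + frame

def read_payloads(data):
    """Yield (src, sport, dst, dport, payload) for each TCP/IPv4 packet."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(end + "IIII", data[off:off + 16])[2]
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                   # truncated frame or not IPv4
        if pkt[14] >> 4 != 4 or pkt[23] != 6:
            continue                   # not IP version 4 or not TCP
        tcp_off = 14 + (pkt[14] & 0x0F) * 4
        if len(pkt) < tcp_off + 20:
            continue                   # snaplen cut the TCP header short
        total = struct.unpack("!H", pkt[16:18])[0]
        sport, dport = struct.unpack("!HH", pkt[tcp_off:tcp_off + 4])
        doff = (pkt[tcp_off + 12] >> 4) * 4
        src = ".".join(map(str, pkt[26:30]))
        dst = ".".join(map(str, pkt[30:34]))
        # The IP total length bounds the payload, so Ethernet padding is excluded
        yield src, sport, dst, dport, pkt[tcp_off + doff:14 + total]

if __name__ == "__main__":
    for rec in read_payloads(build_sample_pcap()):
        print(rec)
```

To run it on a real log, pass the bytes of the tcpdump-format file from the snort log directory to read_payloads() instead of the constructed sample.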
