[Snort-users] simple quick question
jed at ...2168...
Thu Jun 14 10:09:47 EDT 2001

You can't. At least not in the alert file.
Try using a -b on the command line or put:

    output log_tcpdump: tcpdump.log

into your configuration file.
This will cause snort to log the packets in tcpdump format into your log dir.
You can then use snort -dv -r <tcpdump log file> to look at the packets. Or
you can use ethereal or any of the many other tools that work with tcpdump

On Thursday 14 June 2001 02:09 am, you wrote:
> I've configured snort so that it will log to MySQL and /var/log/snort/alert.
> When there is an alert found that I want to know more about, I have a
> look at the payload and IP numbers, etc. via Acid GUI.
> When I have a look at the alert file I can't find any payload
> information. I played with some configuration settings but I can't get
> snort to log the payload in the alert file.
> Does anybody have an idea?
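
An added example, not part of the original post or of Snort itself: a small reader for the tcpdump-format log described in the reply above, pulling the TCP/UDP payload out of each logged packet. It assumes the classic libpcap file layout with an Ethernet link type; the function names are hypothetical and the sample packet is constructed.

```python
import socket
import struct
import sys

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/TCP packet in a libpcap file."""
    payload = b"GET /index.html HTTP/1.0\r\n\r\n"
    eth = bytes(6) + bytes(6) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.80"))
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    frame = eth + ip + tcp + payload
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec_hdr = struct.pack("<IIII", 992527787, 0, len(frame), len(frame))
    return file_hdr + rec_hdr + frame

def iter_payloads(data):
    """Yield (src, sport, dst, dport, payload) for each IPv4 TCP/UDP packet."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic libpcap (tcpdump) file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or truncated
        l4 = 14 + (frame[14] & 0x0F) * 4
        proto = frame[23]
        if proto not in (6, 17) or len(frame) < l4 + (20 if proto == 6 else 8):
            continue  # only TCP and UDP are decoded in this example
        hdr_len = (frame[l4 + 12] >> 4) * 4 if proto == 6 else 8
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        end = 14 + struct.unpack("!H", frame[16:18])[0]  # drop Ethernet padding
        yield (socket.inet_ntoa(frame[26:30]), sport,
               socket.inet_ntoa(frame[30:34]), dport, frame[l4 + hdr_len:end])

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for src, sport, dst, dport, payload in iter_payloads(raw):
        print(f"{src}:{sport} -> {dst}:{dport} {payload!r}")
```

Run with the path to a tcpdump-format log as the only argument, or with no argument to decode the constructed sample.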