[Snort-users] Capturing Packets on Demand
cmg at ...671...
Tue Oct 2 12:14:07 EDT 2001
"Migus, Adam" <Adam_Migus at ...2706...> writes:
> I'm sure this question has probably been asked many times before but
> a quick scan of the FAQ revealed nothing so I'll ask again.
> What I want to do is this:
> For a given rule when the rule is triggered I want to log in tcpdump
Tagging in 1.8.1 is what you want.
add tag: session, 100, seconds; to whatever rule you want to capture
for the next 100 seconds.
> format that packet and each subsequent packet until the connection is
> terminated. If possible I'd also like it if each time the rule was
> triggers it would log the binary data to separate logfiles so that
> each file contained only one trace. The second part is icing on the
> cake and it not essential.
No icing unless you want the printable type view.
Chris Green <cmg at ...671...>
A watched process never cores.
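An added example, not part of the original thread, of what Chris describes: a rule carrying the tag option, together with the snort.conf output line that writes the tagged packets in tcpdump format. The file name, port, content, msg and sid values are constructed placeholders.

```snort
# snort.conf: log packets (including tagged ones) in tcpdump/pcap format.
# "tagged.log" is a placeholder file name; it lands in the -l log directory.
output log_tcpdump: tagged.log

# Rule file: when this (hypothetical) rule fires, "tag: session, 100, seconds"
# logs the triggering packet and every further packet of the same session
# for the next 100 seconds. Port, content, msg and sid are constructed values.
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"EXAMPLE telnet login"; \
    content:"login"; nocase; tag: session, 100, seconds; sid:1000001;)
```

Every tagged session from every rule goes into that one file, which is the "no icing" part of the answer: one trace per file would have to be carved out of it afterwards.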