[Snort-users] Database plugin question
Dell, Jeffrey
JDell at ...2148...
Wed Aug 14 13:29:03 EDT 2002
gre(IP Protocol 47) and igrp(IP Protocol 9) will be covered by ip.
To get arp you can do:
log arp any any <> any any
-----Original Message-----
From: Radu Brumariu [mailto:brumariur at ...908...]
Sent: Wednesday, August 14, 2002 11:14 AM
To: Dell, Jeffrey
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Database plugin question
Thanks, Jeffrey for the input.
However, I would like snort to log _all_ the packets that it sees, including
arp,igrp,gre, etc.
Radu
On Wed, 2002-08-14 at 14:42, Dell, Jeffrey wrote:
> Use the rule:
>
> log ip any any <> any any
>
> This will log all ip packets.
>
> -----Original Message-----
> From: Radu Brumariu [mailto:brumariur at ...908...]
> Sent: Wednesday, August 14, 2002 10:27 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Database plugin question
>
>
>
> Hi all,
> I would like to know if it is possible to trick snort into logging
> every packet that it sees to the database rather then log|alert?
>
> thanks,
> Radu
>
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: Dice - The leading online job board
> for high-tech professionals. Search and apply for tech jobs today!
> http://seeker.dice.com/seeker.epl?rel_code=31
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
More information about the Snort-users
mailing list