[Snort-users] Database plugin question

Dell, Jeffrey JDell at ...2148...
Wed Aug 14 13:29:03 EDT 2002


gre (IP Protocol 47) and igrp (IP Protocol 9) will be covered by ip.

To get arp you can do:

log arp any any <> any any

-----Original Message-----
From: Radu Brumariu [mailto:brumariur at ...908...] 
Sent: Wednesday, August 14, 2002 11:14 AM
To: Dell, Jeffrey
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Database plugin question



Thanks, Jeffrey, for the input.
However, I would like snort to log _all_ the packets that it sees, including
arp, igrp, gre, etc.

Radu


On Wed, 2002-08-14 at 14:42, Dell, Jeffrey wrote:
> Use the rule:
> 
> log ip any any <> any any
> 
> This will log all ip packets.
> 
> -----Original Message-----
> From: Radu Brumariu [mailto:brumariur at ...908...]
> Sent: Wednesday, August 14, 2002 10:27 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Database plugin question
> 
> 
> 
> Hi all,
> I would like to know if it is possible to trick snort into logging
> every packet that it sees to the database rather than log|alert?
> 
> thanks,
> Radu





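The distinction behind Jeffrey's reply, as an added example that is not part of the original thread: GRE and IGRP travel inside IPv4 (protocol numbers 47 and 9), whereas ARP has its own EtherType and carries no IP header. The helper names and sample frames below are constructed for illustration.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100  # 802.1Q tag
IP_PROTO_NAMES = {1: "icmp", 6: "tcp", 9: "igrp", 17: "udp", 47: "gre"}


def classify(frame):
    """Return (layer, name), e.g. ("ip", "gre") or ("non-ip", "arp")."""
    if len(frame) < 14:
        return ("invalid", "truncated ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == ETHERTYPE_VLAN:  # skip a single VLAN tag
        if len(frame) < 18:
            return ("invalid", "truncated vlan tag")
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype == ETHERTYPE_ARP:
        return ("non-ip", "arp")
    if ethertype != ETHERTYPE_IPV4:
        return ("non-ip", "ethertype 0x%04x" % ethertype)
    ip = frame[offset:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return ("invalid", "bad ipv4 header")
    proto = ip[9]  # IPv4 protocol field
    return ("ip", IP_PROTO_NAMES.get(proto, "proto %d" % proto))


def eth_frame(ethertype, payload):
    # Constructed frame: zeroed MAC addresses, then EtherType and payload.
    return bytes(12) + struct.pack("!H", ethertype) + payload


def ipv4_header(proto):
    # Constructed minimal 20-byte IPv4 header (checksum left at zero).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))


SAMPLES = {
    "gre": eth_frame(ETHERTYPE_IPV4, ipv4_header(47)),
    "igrp": eth_frame(ETHERTYPE_IPV4, ipv4_header(9)),
    "arp": eth_frame(ETHERTYPE_ARP, bytes(28)),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, "->", classify(frame))
```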