[Snort-users] spo_log_tcpdump plugin

Joel Healy Joel.Healy at ...7405...
Wed Dec 4 18:09:01 EST 2002


Hi,

I am looking at using the TCPDUMP ouput log plugin and no problems with the
TCPDUMP files created, however i have noticed that hogwash only writes to
the output file when the process is stopped. Is there any configuration that
enables the writing of the TCPDUMP file with a certain frequency?

The reason i ask is that i am looking to scp the TCPDUMP files to a central
correlation point where i then snort -X -r them so they can be served up via
http (linked to by Snortsnarf).

Now the bit that may complicate matters is that i actually talking about
snort 1.8.6 libraries that are used with Hogwash.. 


cheers

joel


-------
(This e-mail message and any accompanying attachments may contain
information that is confidential and subject to legal privilege. If you are
not the intended recipient, do not read, use, disseminate, distribute or
copy this message or attachments.  If you have received this message in
error, please delete the message and, if convenient, inform the sender as
soon as possible.)




More information about the Snort-users mailing list