[Snort-users] Tracing packets

Patrice.Arnal at ...4604...
Fri Mar 8 07:36:14 EST 2002


Hello

In order to get the maximum info on the activity on a new machine, I 
configured snort with a rule in local.rules:

log tcp any any <> xxx.xxx.xxx.xxx/32 any (logto:survey.log ; )

In the survey.log file I got only the headers, never the payload.
I get the payload in the other logfiles.

/usr/local/bin/SNORT-1.8.3/snort183 -o -i qfe1 -d -l /var/log/snort1.8.3 -c /usr/local/bin/SNORT-1.8.3/snort.conf -D


Patrice ARNAL
ALCANET France
Site d'ILLKIRCH
1 Route du Dr Albert SCHWEITZER
67408 ILLKIRCH CEDEX



