[Snort-users] Including a MAC address
edin.dizdarevic at ...7509...
Fri Aug 22 04:23:23 EDT 2003
Do you mean in order to show it in ACID or in the alert file?
For the latter case try the "-e" switch.
A short look to the mysql tables shows me no link layer infos,
so I suppose this is not working (yet with ACID/MySQL).
Jade E. Deane wrote:
> Does anyone know a way to include the source and destination MAC
> address in an alert?
> Regards, Jade
More information about the Snort-users