[Snort-users] Snort outputting like tcpdump
erek at ...950...
Fri Jan 17 06:04:03 EST 2003
On Thu, 16 Jan 2003, Christopher Lyon wrote:
> Can I have Snort output all packets that it sees to sql in the same
> format that tcpdump uses?
> I don't care about the payload just the raw stats. Any idea?
It depends on what you want.
tcpdump has a snaplen of 68 as a default. Snort uses 1514 as a default.
You can change that with the -P parameter.
Depending on what you want, snort can and will send the same data to the
DB. The output doesn't really matter since it's going into a db. You
could modify the db output plugin, but that's a whole different thing!
"When things get weird, the weird turn pro." H.S. Thompson
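
An added example, not part of the original post and not Snort or tcpdump code: it shows why a short snaplen such as the 68 bytes mentioned above still yields the header-level "raw stats" the question asks for. The frame, addresses and function names are constructed for illustration, and only IPv4/TCP is handled.

```python
import socket
import struct

ETH_LEN, IP_MIN, TCP_MIN = 14, 20, 20

def build_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame for the demo (checksums left zero)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_MIN + TCP_MIN + len(payload),
                     0, 0, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def capture(frame, snaplen):
    """Keep at most snaplen bytes, as a capture does; also return wire length."""
    return frame[:snaplen], len(frame)

def summarize(captured, wire_len):
    """Header-only stats for one TCP/IPv4 packet; None if headers are cut off."""
    if len(captured) < ETH_LEN + IP_MIN or captured[12:14] != b"\x08\x00":
        return None
    ihl = (captured[14] & 0x0F) * 4
    l4 = ETH_LEN + ihl
    if ihl < IP_MIN or captured[23] != 6 or len(captured) < l4 + TCP_MIN:
        return None
    ip_total, = struct.unpack("!H", captured[16:18])
    sport, dport = struct.unpack("!HH", captured[l4:l4 + 4])
    tcp_hdr = (captured[l4 + 12] >> 4) * 4
    return {
        "src": socket.inet_ntoa(captured[26:30]), "sport": sport,
        "dst": socket.inet_ntoa(captured[30:34]), "dport": dport,
        "flags": captured[l4 + 13],
        "wire_len": wire_len,
        "payload_len": ip_total - ihl - tcp_hdr,  # from headers, not bytes kept
    }

# Constructed sample: one TCP segment carrying 1000 payload bytes.
FRAME = build_frame("192.0.2.10", "198.51.100.7", 40000, 80, b"A" * 1000)

if __name__ == "__main__":
    for snaplen in (1514, 68, 40):
        kept, wire = capture(FRAME, snaplen)
        print(snaplen, len(kept), summarize(kept, wire))
```

With a snaplen of 40 the TCP header is cut off and no summary can be produced, which is the lower bound to keep in mind when shrinking the capture length.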