[Snort-users] Snort outputing like tcpdump

Erek Adams erek at ...950...
Fri Jan 17 06:04:03 EST 2003


On Thu, 16 Jan 2003, Christopher Lyon wrote:

> Can I have Snort output all packets that it sees to sql in the same
> format that tcpdump uses?

[...snip...]

> I don't care about the payload just the raw stats. Any idea?

It depends on what you want.

tcpdump has a snaplen of 68 as a default.  Snort uses 1514 as a default.
You can change that with the -P parameter.

Depending on what you want, snort can and will send the same data to the
DB.  The output doesn't really matter since it's going into a db.  You
could modify the db output plugin, but that's a whole different thing!

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson



