[Snort-users] Snort outputing like tcpdump

Christopher Lyon cslyon at ...6523...
Fri Jan 17 09:08:03 EST 2003


Is there a way not to log the payload?


> -----Original Message-----
> From: Erek Adams [mailto:erek at ...950...]
> Sent: Friday, January 17, 2003 5:54 AM
> To: Christopher Lyon
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort outputing like tcpdump
> 
> On Thu, 16 Jan 2003, Christopher Lyon wrote:
> 
> > Can I have Snort output all packets that it sees to sql in the same
> > format that tcpdump uses?
> 
> [...snip...]
> 
> > I don't care about the payload just the raw stats. Any idea?
> 
> It depends on what you want.
> 
> tcpdump has a snaplen of 68 as a default.  Snort uses 1514 as a
> default.  You can change that with the -P parameter.
> 
> Depending on what you want, snort can and will send the same data to
> the DB.  The output doesn't really matter since it's going into a db.
> You could modify the db output plugin, but that's a whole different
> thing!
> 
> Cheers!
> 
> -----
> Erek Adams
> 
>    "When things get weird, the weird turn pro."   H.S. Thompson




