[Snort-users] Snort outputing like tcpdump
cslyon at ...6523...
Fri Jan 17 09:08:03 EST 2003
Is there a way not to log the payload?
> -----Original Message-----
> From: Erek Adams [mailto:erek at ...950...]
> Sent: Friday, January 17, 2003 5:54 AM
> To: Christopher Lyon
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort outputing like tcpdump
> On Thu, 16 Jan 2003, Christopher Lyon wrote:
> > Can I have Snort output all packets that it sees to sql in the same
> > format that tcpdump uses?
> > I don't care about the payload just the raw stats. Any idea?
> It depends on what you want.
> tcpdump has a snaplen of 68 as a default. Snort uses 1514 as a
> You can change that with the -P parameter.
> Depending on what you want, snort can and will send the same data to
> DB. The output doesn't really matter since it's going into a db. You
> could modify the db output plugin, but that's a whole different thing!
> Erek Adams
> "When things get weird, the weird turn pro." H.S. Thompson