[Snort-users] Snort outputting like tcpdump

Erek Adams erek at ...950...
Sun Jan 19 11:13:02 EST 2003


On Sun, 19 Jan 2003, Christopher Lyon wrote:

> Got it,
> So I would be better off using tcpdump, ethereal or something like that
> to capture what I want and log it to a separate database.

It depends.  Keep in mind that tcpdump can't log to a DB.  You'll have to
log to a pcap and then run the pcap through snort if you want it to go into a
DB.

You might be better off to modify the DB output plugin.  That way you could
just simply remove the payload from the output.  That would allow you to
still do intrusion detection, while logging everything except the payload
to the DB.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
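The "log everything except the payload" idea from the reply above, shown as an added example that is not code from the post, from Snort, or from its database output plugin: a stand-alone Python pass that reads a pcap (here a constructed two-packet file built inline), keeps the timestamp, addresses, ports, protocol and TCP flags, records only the payload *length*, and writes the rows to a database (sqlite3 is assumed as a stand-in for MySQL/PostgreSQL). It assumes Ethernet/IPv4 link type and handles TCP and UDP; anything else is skipped.

```python
import sqlite3
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4      # libpcap magic as written by a little-endian host
LINKTYPE_ETHERNET = 1


def _ipv4_frame(proto, l4, payload, src, dst):
    """Build an Ethernet/IPv4 frame around a layer-4 header and payload (constructed test data)."""
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    eth = b"\x00" * 12 + b"\x08\x00"        # zero MACs, EtherType IPv4
    return eth + ip + l4 + payload


def build_sample_pcap():
    """Constructed two-packet pcap: a TCP SYN carrying 16 bytes and a UDP datagram carrying 12."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    f1 = _ipv4_frame(6, tcp, b"GET / HTTP/1.0\r\n", "10.0.0.5", "192.168.1.10")
    udp = struct.pack("!HHHH", 53000, 53, 8 + 12, 0)
    f2 = _ipv4_frame(17, udp, b"\x12\x34\x01\x00" + b"\x00" * 8, "10.0.0.5", "192.168.1.53")
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in ((1042980000, f1), (1042980001, f2)):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def iter_packets(data):
    """Yield (ts_sec, ts_usec, orig_len, frame_bytes) for each record of a classic pcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == 0xD4C3B2A1:               # same magic seen through big-endian byte order
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, ts_usec, orig_len, data[off:off + incl_len]
        off += incl_len


def header_record(ts_sec, ts_usec, orig_len, frame):
    """Extract the fields worth keeping from one frame; the payload bytes are never copied."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                         # not IPv4 over Ethernet
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if ihl < 20 or len(ip) < ihl:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    l4 = frame[14 + ihl:]
    if proto == 6 and len(l4) >= 20:        # TCP: keep ports, flags and the data offset
        sport, dport = struct.unpack("!HH", l4[:4])
        hdr_len, flags = (l4[12] >> 4) * 4, l4[13]
    elif proto == 17 and len(l4) >= 8:      # UDP: keep ports only
        sport, dport = struct.unpack("!HH", l4[:4])
        hdr_len, flags = 8, None
    else:
        return None
    return {
        "ts": ts_sec + ts_usec / 1e6, "src": src, "sport": sport, "dst": dst, "dport": dport,
        "proto": proto, "flags": flags, "orig_len": orig_len,
        "payload_len": max(0, total_len - ihl - hdr_len),   # length only, no content
    }


def log_headers_to_db(pcap_bytes, conn):
    """Write one header-only row per TCP/UDP packet in pcap_bytes; returns the row count."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS pkt_hdr (ts REAL, src TEXT, sport INTEGER, dst TEXT, "
        "dport INTEGER, proto INTEGER, flags INTEGER, orig_len INTEGER, payload_len INTEGER)"
    )
    rows = [r for r in (header_record(*p) for p in iter_packets(pcap_bytes)) if r]
    conn.executemany(
        "INSERT INTO pkt_hdr VALUES (:ts, :src, :sport, :dst, :dport, :proto, :flags, "
        ":orig_len, :payload_len)",
        rows,
    )
    conn.commit()
    return len(rows)


def stored_headers(conn):
    """Read back what was logged, in capture order."""
    return conn.execute(
        "SELECT src, sport, dst, dport, proto, flags, payload_len FROM pkt_hdr ORDER BY ts"
    ).fetchall()


def demo(pcap_bytes=None):
    """Run the whole pass against an in-memory database and return the stored rows."""
    conn = sqlite3.connect(":memory:")
    log_headers_to_db(pcap_bytes or build_sample_pcap(), conn)
    return stored_headers(conn)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The point of stripping at the logging step rather than at capture time is the one the reply makes: the sensor (or a replay of the full pcap through snort) still sees complete packets, so content rules keep working, while the database never receives the payload. Capturing with a small snaplen instead would save the same space but would also blind the detection engine.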
