[Snort-users] How to dump a certain number of tcp packets (for TCPDUMP) when an alert is fired
Theary.Loch at ...2990...
Thu Sep 2 08:06:02 EDT 2004
My respects all,
I'm running Snort 2.2.0 on Linux (Kernel 2.4.21). This is the command line I use to start my daemon: /usr/sbin/snort -N -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf
Could you please tell me how to log a certain number of packets when an alert is fired (tcpdump format)? By default, I'm using alert_fast for all the other alerts.
Can anyone help?
Thanks in advance,