[Snort-users] How to dump a certain number of tcp packets (for TCPDUMP) when an alert is fired

Loch Theary Theary.Loch at ...2990...
Thu Sep 2 08:06:02 EDT 2004


My respects all,

I'm running Snort 2.2.0 on Linux (Kernel 2.4.21). This is the command line I use to start my daemon: /usr/sbin/snort -N -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf

Could you please tell me how to log a certain number of packets when an alert is fired (tcpdump format)? By default, I'm using alert_fast for all the other alerts.

Can anyone help?

Thx in advance,
Theary
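An added configuration example, not part of the original post, showing the Snort 2.x mechanism that does this: the `tag` rule option marks the packets that follow a match, and the `log_tcpdump` output plugin writes them in tcpdump/pcap format. The rule, the sid and the file name are constructed for illustration; the `-N` switch on the command line above turns packet logging off entirely, so it must be dropped for any of this to produce output.

```snort
# snort.conf fragment (Snort 2.x syntax); constructed example, not the poster's config

# Keep the one-line alert format already in use for every alert.
output alert_fast: alert

# Tagged packets are handed to the log output plugins; this one writes
# binary tcpdump/pcap data into the Snort log directory (-l, default
# /var/log/snort) with a timestamp appended to the name.
output log_tcpdump: tagged.log

# Constructed rule: on a match, also log the next 20 packets of the same
# TCP session.  Other forms: "tag:session,30,seconds;" for a time window,
# or "tag:host,60,seconds,src;" to follow all traffic from the source host.
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE tag SSH session"; flow:to_server,established; tag:session,20,packets; sid:1000001; rev:1;)
```

Start the daemon without `-N` (for example `/usr/sbin/snort -D -i eth1 -u snort -g snort -c /etc/snort/snort.conf`) and read the result back with `tcpdump -r /var/log/snort/tagged.log.<timestamp>`.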
