[Snort-users] Get one specific attack dump from snort dump file.

Jorge Luiz Corrêa jorge at ...14272...
Sat Jan 5 08:28:22 EST 2008


Hello World. This is my first post.

I have been looking for a while for a way to get one specific attack's 
information out of the snort dump file. So far, I haven't found it. :/

For example, my snort is configured to gather packets in 
snort_tcpdump.log and alerts in alert.log. When I see an alert in 
alert.log, I need to get the packets from snort_tcpdump.log related to 
this alert. Can someone help me? Is there a way to do this?

For example, I need a system very similar to the one present on the Honeywall 
CDROM (Honeynet Project). In that tool it is possible to visualize the 
occurrences of alerts. By clicking on an alert we can choose a 'decode 
packets' option that shows exactly the packets of this alert.

Is there an option like this in snort or tcpdump? I think this operation 
is performed by a set of perl scripts in the Honeywall tool.

Thanks for all.
:)
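One way to do the correlation the post asks about, as an added example that is not part of the original thread or of Snort: parse the alert's timestamp and 5-tuple from alert.log, then walk snort_tcpdump.log (a libpcap file) and keep the frames that match in either direction within a time window. It assumes alert.log uses Snort's "fast" alert format and that the capture is IPv4 over Ethernet; the alert line and the sample capture are constructed so the code runs offline.

```python
import struct
from datetime import datetime
# Constructed sample alert in Snort's "fast" alert format (an assumption about alert.log's format).
ALERT_LINE = "01/05-08:28:22.000000  [**] [1:9999:1] TEST ALERT [**] {TCP} 10.0.0.5:43210 -> 192.0.2.10:80"

def parse_alert(line, year=2008):
    """Return (epoch_ts, proto, src_ip, src_port, dst_ip, dst_port) from a fast-format alert line."""
    ts_str, rest = line.split(None, 1)
    ts = datetime.strptime(f"{year}/{ts_str}", "%Y/%m/%d-%H:%M:%S.%f").timestamp()
    proto = rest.split("{", 1)[1].split("}", 1)[0]
    src, dst = [p.strip() for p in rest.rsplit("}", 1)[1].split("->")]
    (sip, sport), (dip, dport) = src.rsplit(":", 1), dst.rsplit(":", 1)
    return ts, proto, sip, int(sport), dip, int(dport)

def read_pcap(data):
    """Yield (epoch_ts, proto, sip, sport, dip, dport, frame) for each Ethernet/IPv4 frame in a pcap."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    off = 24  # skip the 24-byte pcap global header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame, off = data[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        sip, dip = ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl]) if proto in (6, 17) and len(frame) >= 18 + ihl else (0, 0)
        yield ts_sec + ts_usec / 1e6, {6: "TCP", 17: "UDP", 1: "ICMP"}.get(proto, str(proto)), sip, sport, dip, dport, frame

def packets_for_alert(pcap_bytes, alert_line, window=5.0):
    """Return frames matching the alert's 5-tuple (either direction) within +/- window seconds of it."""
    ts, proto, sip, sport, dip, dport = parse_alert(alert_line)
    fwd, rev = (proto, sip, sport, dip, dport), (proto, dip, dport, sip, sport)
    return [p for p in read_pcap(pcap_bytes) if abs(p[0] - ts) <= window and p[1:6] in (fwd, rev)]

def build_frame(sip, sport, dip, dport):
    """Constructed minimal Ethernet/IPv4/TCP SYN frame, checksums zeroed (enough for 5-tuple extraction)."""
    ip4 = lambda s: bytes(map(int, s.split(".")))
    ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0]) + ip4(sip) + ip4(dip)
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 2, 8192, 0, 0)

def build_pcap(frames):
    """Constructed little-endian pcap (link type 1 = Ethernet) from (epoch_ts, frame) pairs."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", int(t), round((t % 1) * 1e6), len(f), len(f)) + f for t, f in frames)
_T = parse_alert(ALERT_LINE)[0]  # the alert's own timestamp; sample frames are placed around it
SAMPLE_PCAP = build_pcap([  # constructed stand-in for snort_tcpdump.log
    (_T - 1.0, build_frame("10.0.0.5", 43210, "192.0.2.10", 80)),  # the flagged flow
    (_T + 0.5, build_frame("192.0.2.10", 80, "10.0.0.5", 43210)),  # its reply direction
    (_T + 0.2, build_frame("10.0.0.7", 5555, "192.0.2.10", 80)),   # unrelated client, same server
    (_T + 600, build_frame("10.0.0.5", 43210, "192.0.2.10", 80)),  # same tuple, outside the window
])
```

Running `packets_for_alert(SAMPLE_PCAP, ALERT_LINE)` returns only the two frames of the flagged connection; on a real capture the same filter can be expressed to tcpdump as `host A and host B and port X and port Y`, with the alert timestamp used to pick the right capture file.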
