[Snort-users] Get one specific attack dump from snort dump file.
Jorge Luiz Corrêa
jorge at ...14272...
Sat Jan 5 08:28:22 EST 2008
Hello World. This is my first post.
I have lately been looking for a way to get the information about one specific attack
from the snort dump file. So far, I haven't found it. :/
For example, my snort is configured to gather packets in
snort_tcpdump.log and alerts in alert.log. When I see one alert in
alert.log, I need to get the packets from snort_tcpdump.log related to
this alert. Can someone help me? Is there a way to do this?
For example, I need a system very similar to the one in the Honeywall
CDROM (Honeynet Project). In that tool it is possible to view the
occurrences of alerts. By clicking on an alert we can choose a 'decode
packets' option that shows exactly the packets for that alert.
Is there an option like this in snort or tcpdump? I think this operation
is performed by a set of Perl scripts in the Honeywall tool.
Thanks to all.
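As an added example (not from the original post, and not code from the Snort or Honeywall projects): a Python script that takes one alert line in Snort's alert_fast output format, builds the tcpdump/BPF filter that pulls both directions of that flow out of a pcap-format log such as snort_tcpdump.log, and, for environments without tcpdump, walks a classic pcap file directly and returns the matching packets. The alert line, the pcap bytes and the build_frame/build_pcap helpers are constructed here for demonstration; the alert_fast format is an assumption, since the post does not say which alert output plugin writes alert.log.

```python
import re
import socket
import struct
from collections import namedtuple

# Constructed sample alert in Snort alert_fast format (assumption: one line per alert).
SAMPLE_ALERT = (
    "01/05-08:28:22.123456  [**] [1:1000001:1] TEST scan probe [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] "
    "{TCP} 192.168.1.10:45678 -> 10.0.0.5:80"
)

FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)
Packet = namedtuple("Packet", "proto src sport dst dport")
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_fast_alert(line):
    """Return the alert's timestamp, sid, msg and 5-tuple (ports None for ICMP)."""
    m = FAST_RE.match(line.strip())
    if not m:
        raise ValueError("not an alert_fast line: %r" % line)
    d = m.groupdict()
    d["sport"] = int(d["sport"]) if d["sport"] else None
    d["dport"] = int(d["dport"]) if d["dport"] else None
    d["proto"] = d["proto"].upper()
    return d


def bpf_filter(alert):
    """tcpdump/BPF expression selecting both directions of the alerted flow."""
    def leg(sh, sp, dh, dp):
        terms = ["src host " + sh, "dst host " + dh]
        if sp is not None:
            terms.append("src port %d" % sp)
        if dp is not None:
            terms.append("dst port %d" % dp)
        return "(" + " and ".join(terms) + ")"
    a = alert
    return "%s and (%s or %s)" % (a["proto"].lower(),
                                  leg(a["src"], a["sport"], a["dst"], a["dport"]),
                                  leg(a["dst"], a["dport"], a["src"], a["sport"]))


def decode_frame(frame):
    """Ethernet/IPv4 frame -> Packet; None for non-IPv4 frames."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    sport = dport = None
    if proto in (6, 17) and len(ip) >= ihl + 4:       # TCP/UDP ports sit first in L4
        sport, dport = struct.unpack_from("!HH", ip, ihl)
    return Packet(PROTO_NAMES.get(proto, str(proto)), src, sport, dst, dport)


def iter_pcap(data):
    """Yield (timestamp, Packet) from classic libpcap bytes, either byte order."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "IHHiIII", data, 0)[6] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from(end + "IIII", data, off)
        off += 16
        pkt = decode_frame(data[off:off + incl])
        off += incl
        if pkt is not None:
            yield sec + usec / 1e6, pkt


def packets_for_alert(alert, pcap_bytes):
    """Packets of the alerted flow (both directions), in capture order."""
    fwd = (alert["src"], alert["sport"], alert["dst"], alert["dport"])
    rev = (alert["dst"], alert["dport"], alert["src"], alert["sport"])
    return [(ts, p) for ts, p in iter_pcap(pcap_bytes)
            if p.proto == alert["proto"] and (p.src, p.sport, p.dst, p.dport) in (fwd, rev)]


def build_frame(src, sport, dst, dport, proto):
    """Constructed Ethernet/IPv4/TCP-or-UDP frame, for the demo pcap only."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4


def build_pcap(frames, t0=1199539702):
    """Constructed little-endian classic pcap (Ethernet) holding the frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", t0 + i, 1000 * i, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    build_frame("192.168.1.10", 45678, "10.0.0.5", 80, 6),   # alerted flow, client side
    build_frame("10.0.0.5", 80, "192.168.1.10", 45678, 6),   # alerted flow, server reply
    build_frame("10.0.0.7", 5353, "10.0.0.5", 53, 17),       # unrelated UDP
    build_frame("192.168.1.10", 45679, "10.0.0.5", 80, 6),   # same hosts, other port
])

if __name__ == "__main__":
    alert = parse_fast_alert(SAMPLE_ALERT)
    print("tcpdump -r snort_tcpdump.log -w alert-%s.pcap '%s'" % (alert["sid"], bpf_filter(alert)))
    for ts, p in packets_for_alert(alert, SAMPLE_PCAP):
        print(ts, p)
```

The printed tcpdump command is the quick manual answer: `tcpdump -r snort_tcpdump.log -w one_alert.pcap '<filter>'` writes only that flow to a new file you can decode with `tcpdump -r one_alert.pcap -nnvvX`. Both paths match on the 5-tuple only, so on a busy sensor you should also compare the alert's timestamp with the packet timestamps (alert_fast prints local time without a year; pcap stores UTC epoch seconds) to narrow a long-lived flow down to the packet that actually triggered the rule.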