[Snort-users] Snort /var/log/snort/tcpdump<>

amN0P at ...14399... amN0P at ...14399...
Mon Dec 26 22:52:10 EST 2011


Hi everyone,

I am sending Snort alerts to a central syslog server. If I want more insight I go to the /var/log/snort/tcpdumpxxx pcap files to learn what triggered the alert.

Many a time I don't see an equivalent pcap log for a syslog alert. What do these tcpdump pcaps contain and not contain? Do they have full packet dumps of all alerts triggered from the rules files but not from SO rules? Can someone please clarify? Thanks.

-Ams