[Snort-users] [Snort-Users] about capturing packets

Kevin Ross kevross33 at ...14012...
Mon Feb 13 03:31:25 EST 2012


By normal I assume you mean everything else (full packet capture?) and by
affected I guess you mean logging the actual packet that triggered the
alert?

For logging the actual packet, have Snort log to unified2 as it is
faster, and then set up a database and have barnyard2 alert to the
database. For normal packets I suggest, if you have the disk space, using
daemonlogger/openfpc to provide full packet capture and alerting
(http://www.openfpc.org/); it can even be used with Snorby to get the packets
you want (http://snorby.org/). Various installation guides and what you need
can be found on the respective websites and the Snort documentation.

Kind Regards,
Kevin Ross
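As an added example (not from Kevin's post or from the Snort, barnyard2 or daemonlogger projects), a shell sketch of the pipeline described above: Snort spooling alerts plus triggering packets to unified2, barnyard2 following that spool into a database, and daemonlogger recording everything on the wire alongside. The interface name, file paths and database credentials are assumed placeholders.

```shell
#!/bin/sh
# Added example: Snort -> unified2 -> barnyard2 -> database, with daemonlogger
# for full packet capture. Interface, paths and the database password are
# placeholders (assumptions), adjust before use.

IFACE="${IFACE:-eth0}"                       # sniffing interface (assumption)
SNORT_LOG="${SNORT_LOG:-/var/log/snort}"     # unified2 spool directory
PCAP_DIR="${PCAP_DIR:-/var/log/pcap}"        # full packet capture directory

# Append the unified2 output line to an existing snort.conf. unified2 is a
# binary format holding the alert and the packet that triggered it; files
# roll at 128 MB and are named snort.u2.<unix timestamp> in the -l directory.
write_snort_output() {
    printf 'output unified2: filename snort.u2, limit 128\n' >> "$1"
}

# Write a minimal barnyard2.conf: read the unified2 spool, resolve the
# sid/gen maps to message text, and insert events into a MySQL database.
# The waldo file is barnyard2's bookmark so a restart resumes where it left off.
write_barnyard2_conf() {
    cat > "$1" <<'EOF'
config reference_file: /etc/snort/reference.config
config classification_file: /etc/snort/classification.config
config gen_file: /etc/snort/gen-msg.map
config sid_file: /etc/snort/sid-msg.map
config waldo_file: /var/log/snort/barnyard2.waldo
input unified2
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
EOF
}

# Number of output destinations in a barnyard2.conf; this setup needs exactly
# one (the database). grep exits non-zero when the count is 0.
count_outputs() {
    grep -c '^output ' "$1"
}

# Start all three daemons. Snort detects and spools; barnyard2 tails the spool
# (-d dir, -f base name, -w waldo bookmark) and forwards to the database;
# daemonlogger writes 1 GB rolling pcap files of all traffic on the interface.
# Not invoked here: call it from an init script once the configs are in place.
start_pipeline() {
    snort -D -c /etc/snort/snort.conf -i "$IFACE" -l "$SNORT_LOG"
    barnyard2 -D -c /etc/snort/barnyard2.conf -d "$SNORT_LOG" -f snort.u2 \
        -w "$SNORT_LOG/barnyard2.waldo"
    daemonlogger -d -i "$IFACE" -l "$PCAP_DIR" -n fpc -s 1073741824
}
```

With the alert path in the database and the full capture on disk, a tool such as Snorby or openfpc can pull the surrounding session for an event from the pcap store by timestamp and addresses.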


On 13 February 2012 07:14, umakanta majhi <umakantmajhi at ...11827...> wrote:

> hi all
>
> can anyone tell how we can log both normal packets and affected packets
> in IDS mode?
>
>

