[Snort-users] [Snort-Users] about capturing packets

Kevin Ross kevross33 at ...14012...
Mon Feb 13 03:31:25 EST 2012

By normal I assume you mean everything else (full packet capture?) and
affected I guess you mean logging the actual packet that triggered the

For logging the actual packet, have snort logging to unified2, as it is
faster, and then set up a database and have barnyard2 alerting to the
database. For normal packets I suggest, if you have the disk space, using
daemonlogger/openfpc to provide full packet capture and alerting
(http://www.openfpc.org/); it can even be used with snorby to get the packets
you want (http://snorby.org/). Various installation guides and what you need
can be found on the respective websites and the snort documentation.

Kind Regards,
Kevin Ross

On 13 February 2012 07:14, umakanta majhi <umakantmajhi at ...11827...> wrote:

> Hi all,
> can anyone tell how we can log both normal packets and affected packets
> in IDS mode?
> --
> To post to this group, send email to snortusers at ...14071...
> Please visit http://blog.snort.org for the latest news about Snort!
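
An added example, not part of the original thread or of any Snort or barnyard2 code: a minimal Python reader for the unified2 log mentioned in the reply, showing how each alert record is followed by a packet record carrying the same event id, which is what lets a spooler such as barnyard2 store the triggering packet with the alert. It assumes the Snort 2.x record layouts and handles only the legacy IPv4 event (type 7) and packet (type 2) records; the sample bytes, addresses and SID are constructed.

```python
import socket
import struct

# unified2 layouts as written by Snort 2.x; every field is big-endian.
U2_PACKET, U2_IDS_EVENT = 2, 7
REC_HDR = struct.Struct(">II")         # record type, body length
EVENT = struct.Struct(">9I4s4sHH4B")   # legacy IPv4 event body, 52 bytes
PKT_HDR = struct.Struct(">7I")         # 28 bytes, followed by the raw frame

def records(buf):
    """Yield (type, body); stop at a record Snort has not finished writing."""
    off = 0
    while off + REC_HDR.size <= len(buf):
        rtype, length = REC_HDR.unpack_from(buf, off)
        body = buf[off + REC_HDR.size: off + REC_HDR.size + length]
        if len(body) < length:
            break
        yield rtype, body
        off += REC_HDR.size + length

def alerts_with_packets(buf):
    """Attach each packet record to the alert with the same sensor/event id."""
    alerts = {}
    for rtype, body in records(buf):
        if rtype == U2_IDS_EVENT and len(body) >= EVENT.size:
            f = EVENT.unpack_from(body)  # f[0]=sensor, f[1]=event id
            alerts[f[0], f[1]] = {"gid": f[5], "sid": f[4], "packets": [],
                                  "src": socket.inet_ntoa(f[9]),
                                  "dst": socket.inet_ntoa(f[10])}
        elif rtype == U2_PACKET and len(body) >= PKT_HDR.size:
            sensor, event_id, *_, caplen = PKT_HDR.unpack_from(body)
            alert = alerts.get((sensor, event_id))
            if alert is not None:
                alert["packets"].append(body[PKT_HDR.size:PKT_HDR.size + caplen])
    return list(alerts.values())

def _rec(rtype, body):
    return REC_HDR.pack(rtype, len(body)) + body

# Constructed sample: one alert (gid 1, sid 1000001), its 16-byte packet,
# and a trailing record that is only partly written.
FRAME = bytes.fromhex("deadbeef") * 4
SAMPLE = (
    _rec(U2_IDS_EVENT, EVENT.pack(0, 1, 1329121885, 0, 1000001, 1, 1, 0, 2,
         socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"),
         40000, 80, 6, 0, 0, 0))
    + _rec(U2_PACKET, PKT_HDR.pack(0, 1, 1329121885, 1329121885, 0, 1, 16) + FRAME)
    + REC_HDR.pack(U2_PACKET, 500) + b"\x00" * 10
)
```

Only packets that matched a rule appear in this file; everything else has to come from the separate full packet capture.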