[Snort-users] [Snort-Users] about capturing packets
kevross33 at ...14012...
Mon Feb 13 03:31:25 EST 2012
By normal I assume you mean everything else (full packet capture?) and
affected I guess you mean logging the actual packet that triggered the
For logging the actual packet, have Snort log to unified2, as it is
faster, and then set up a database and have barnyard2 alerting to the
database. For normal packets I suggest, if you have the disk space, using
daemonlogger/openfpc to provide full packet capture and alerting
(http://www.openfpc.org/); it can even be used with Snorby to get the packets
you want (http://snorby.org/). Various installation guides and what you need
can be found on the respective websites and in the Snort documentation.
On 13 February 2012 07:14, umakanta majhi <umakantmajhi at ...11827...> wrote:
> Hi all,
> can anyone tell how we can log both normal packets and affected packets
> in IDS mode?