[Snort-users] Showing triggered pcap file name in output alert
hassanfaizan at ...17373...
Wed Dec 9 02:26:25 EST 2015
Actually, I am processing multiple pcaps by recurisng directory to look for
the pcaps through the following command
* snort -c snort.conf -l
../alert --pcap-dir <dir_path> -q -A console --pcap-show*
This command shows pcap going to be processed. What I want to have an
output in such a way that if a pcap got triggered I get its name in a
separate alert file. I mean that format should be similar to the following:
<-------> pcap file name.*
Till now I just get the output in a console, showing both the triggered and
non-triggered pcaps. But the output file i am generating is just showing
the triggered stream, not showing which pcap causes this. I want the file
name to be shown in the output file along with triggered stream.
So is there any command line for this.
*Syed Hassan Faizan*
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users